Job Description (JD)
| Programme Name | KESELAMATAN SIBER (Cyber Security) [K622-001-SS:2026] |
|---|---|
| CU Code | K622-001-SS:2026-C01 |
| Competency | Core |
| CU Title | Cyber Security Governance, Risk & Compliance (GRC) |
| CU Description | Expert Element Overview: Cyber Security Governance, Risk & Compliance (GRC) describes expertise in integrating governance structures, enterprise risk processes, and compliance functions to strengthen organisational resilience. At the Senior Skills Expert level, the individual aligns multi-domain cyber initiatives with organisational strategy, standardises governance practices across business units, and evaluates enterprise-wide control effectiveness. The expert drives operational assurance by coordinating risk treatments, strengthening compliance programmes, and validating audit readiness. This role requires advanced analytical capability, cross-functional coordination, and the ability to influence organisational behaviour to cultivate a mature, risk-aware culture aligned with regulatory and industry standards. |
| Training Duration | 0 |
| Learning Objectives | 1. A person who is expert in this activity should be able to: i) Optimise governance policies and control effectiveness; ii) Integrate enterprise risks and strengthen operational assurance; iii) Strengthen audit capabilities and compliance assurance. 2. The outcome of this domain is the ability to: i) Align cyber governance structures with organisational strategy and enterprise performance objectives. ii) Integrate cyber risk management across departments to support enterprise risk decision-making. iii) Enhance governance maturity through consistent evaluation, improvement, and standardisation of controls. iv) Strengthen audit, compliance, and assurance processes to meet regulatory expectations. v) Coordinate enterprise-wide governance reporting to support executive oversight and strategic alignment. vi) Drive organisation-wide awareness and capability building to sustain resilient GRC practices. 3. Professional certifications related to this domain expertise include, but are not limited to: i) Certified in Risk and Information Systems Control (CRISC). ii) Certified Information Security Manager (CISM). iii) Certified Information Systems Auditor (CISA). iv) Certified in the Governance of Enterprise IT (CGEIT). |
| Prerequisite | K622-001-SE:2026 |

