The company offers various perks such as travel discounts, which include reduced rates for flights and access to e-coupon schemes. 

Comprehensive Benefits Package

The company invests in its employees through training programs, workshops, and skill development initiatives. 

Career Development Opportunities

The company is known for its innovative culture and encourages employees to bring creative ideas to the table. 

Dynamic Work Environment

AirAsia X

Now, that dream has sparked half a billion more dreams and will continue to do so through new experiences from Asean fast food and food deliveries to a network of gateways and getaways.
Source: <a href="https://www.capitala.com/mission_vision.html" target="_self">https://www.capitala.com/mission_vision.html</a>

Who We Are

Our Mission
Connecting People, Transforming Lives
People are at the heart of everything we do.
We exist to connect everyone with everything everywhere. In doing so, we serve the underserved, build communities and transform lives to unite Asean.

Our Vision
Uniting Asean and Beyond
A region rich in culture, diversity &amp; talent, we champion the idea of a region united by our shared heritage and aspirations.

Source: <a href="https://www.capitala.com/mission_vision.html" target="_self">https://www.capitala.com/mission_vision.html</a>

Our Values

Job DescriptionFounded in September 2020, Asia Digital Engineering (ADE) is a wholly-owned subsidiary of Capital A Berhad based in KLIA2, Kuala Lumpur, Malaysia. ADE leverages the AirAsia Group Engineering Department’s best practices and unsurpassed combined experience in the region. ADE offers a range of aircraft services focused on the Airbus A320, A321 &amp; A330 for line maintenance services, component and warehouse services, and engineering support services. At ADE, we are dedicated to ensuring world-class security and performance across all our products and services. The Cyber Security Analyst is a key part of this mission, supporting the Information Security department with a hybrid role of Governance (GRC) and Technical Operations Monitoring. This detail-oriented and proactive role is critical in maintaining a robust security posture, with the primary objective being strict compliance with EASA Part-IS regulations, leveraging standards like ISO/IEC 27001 and the NIST Cybersecurity Framework. You will work closely with business stakeholders, technical teams (SRE/IT), and external partners, acting as the essential bridge between regulatory requirements and technical execution. What you will do:A. Information Security&nbsp; Governance, Risk&nbsp; &amp; Compliance (GRC)&nbsp;Primary Objective: Drive the operational execution and continuous monitoring of the EASA Part-IS regulatory program by leveraging industry-standard frameworks to ensure airworthiness and information security resilience.<ul><li style="font-size:14px !important;color:#000000 !important">Execution &amp; Monitoring: Lead the daily implementation and continuous monitoring of EASA Information Security (IS) requirements. Translate high-level regulatory mandates into actionable security tasks and ensure strict adherence across the organization.</li><li style="font-size:14px !important;color:#000000 !important">Framework Integration (ISO 27001 &amp; NIST): Utilize ISO/IEC 27001 standards to structure the Information Security Management System (ISMS) and apply the NIST Cybersecurity Framework to design robust operational controls. Ensure these frameworks are harmonized to satisfy specific EASA compliance obligations.</li><li style="font-size:14px !important;color:#000000 !important">Risk Management &amp; Gap Analysis: Maintain the Information Security Risk Register by performing regular compliance gap analyses. Assess risks against both EASA regulations and NIST best practices, focusing on vulnerabilities that could impact regulatory certification.</li><li style="font-size:14px !important;color:#000000 !important">Policy Development &amp; Governance: Develop and update security policies, standards, and procedures. Ensure all governance documentation aligns with ISO/IEC 27001 rigor while specifically addressing the aviation security nuances required by EASA Part-IS.</li><li style="font-size:14px !important;color:#000000 !important">Audit Assurance &amp; Remediation: Act as the primary point of contact for compliance evidence during internal and external EASA audits. Manage the collection of evidence and lead the timely remediation of any non-conformities or observations.</li></ul>B. Technical Security Operations and AnalysisSecondary Objective: Coordinate and monitor the execution of technical security tasks—including those performed by vendors and third parties. This encompasses deep-dive log analysis, vulnerability lifecycle management, and offensive security support, with the goal of ensuring the resilience of both IT and critical Operational Technology (OT) environments. <ul><li style="font-size:14px !important;color:#000000 !important">Security Monitoring and Analysis: You will help manage the security monitoring system (SIEM) by checking logs and alerts (from tools like IDS) to find unusual activity and security issues related to EASA regulations.</li><li style="font-size:14px !important;color:#000000 !important">Vulnerability and Patch Management: You will manage the process for finding and fixing security weaknesses in aviation systems. This includes working with the SRE/DevOps teams to build security scanning and patching into our deployment process, and making sure we fix the most critical issues first to protect flight safety and airworthiness across both standard IT and Operational Technology (OT) environments.</li><li style="font-size:14px !important;color:#000000 !important">Security Testing (VAPT): You will help organize and perform security tests (VAPT) to check if our firewalls, encryption, and other technical controls are working correctly and meet both internal security standards and EASA Part-IS rules.</li><li style="font-size:14px !important;color:#000000 !important">Incident Support: During a security incident, you will provide hands-on technical help. This includes gathering digital evidence, checking initial log data, and writing reports to figure out the root cause and meet regulatory reporting requirements.</li></ul> C. Partner, Third-Party Risk &amp; Stakeholder ManagementOther Objective: Oversee the end-to-end security lifecycle of the organization’s supply chain, working in tandem with the internal contract and vendor management team. You will serve as the strategic liaison between internal stakeholders, legal counsel, and external partners to ensure all third-party contracts and operations maintain rigorous compliance with EASA Part-IS mandates. Your experience and skills: <ul><li style="font-size:14px !important;color:#000000 !important">Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.</li><li style="font-size:14px !important;color:#000000 !important">Minimum of 2–4 years of experience in a Cyber Security, Information Security GRC, or IT Audit role, demonstrating a blend of technical operations and governance documentation.</li><li style="font-size:14px !important;color:#000000 !important">Essential: Demonstrated knowledge and practical experience with any regulatory frameworks, and how to apply airworthiness and safety standards to IT security controls.</li><li style="font-size:14px !important;color:#000000 !important">Strong working knowledge of ISO/IEC 27001 (for ISMS management) and familiarity with NIST Cybersecurity Framework (CSF) for operational risk and control mapping.</li><li style="font-size:14px !important;color:#000000 !important">Experience with Security Operations, including Vulnerability Management and log analysis.</li><li style="font-size:14px !important;color:#000000 !important">Experience reviewing vendor contracts and conducting security due diligence/risk assessments (Third-Party Risk).</li><li style="font-size:14px !important;color:#000000 !important">Familiarity with DevOps/SRE cultures and integrating security into CI/CD pipelines is a strong plus.</li><li style="font-size:14px !important;color:#000000 !important">Proven ability to translate complex regulatory texts into practical instructions for technical teams (Regulatory Translation).</li><li style="font-size:14px !important;color:#000000 !important">Strong problem-solving skills to conduct gap analyses and root cause analysis for security incidents (Analytical Thinking).</li></ul> We are all different - one talent to another - that is how we rely on our differences. At AirAsia, you will be treated fairly and given all chances to be your best.We are committed to creating a diverse work environment and are proud to be an equal opportunity employer. Search Firm Representatives - AirAsia does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place.

This job is for an Information Security Analyst II. You might like this job because you&#x27;ll ensure aviation security, compliance with regulations, and keep tech systems safe while collaborating with various teams. It&#x27;s a vital role in keeping air travel secure!


 
Job DescriptionFounded in September 2020, Asia Digital Engineering (ADE) is a wholly-owned subsidiary of Capital A Berhad based in KLIA2, Kuala Lumpur, Malaysia. ADE leverages the AirAsia Group Engineering Department’s best practices and unsurpassed combined experience in the region. ADE offers a range of aircraft services focused on the Airbus A320, A321 and A330 for line maintenance services, component and warehouse services, and engineering support services.
At ADE, we are dedicated ...

Information Security Analyst II

AirAsia X

IT Security Specialist

Hiredly X

Security Engineer

Digital Defense Solution Sdn Bhd

Associate, Cyber Security Governance, Risk & Compliance

Hiredly X

Senior Security Engineer

Hiredly X

Cloud Security Engineer

ZUS COFFEE

Cybersecurity Talent Wanted. From SOC Analyst to CISO. (Salary RM 5,000 - RM 35,000+)

Hiredly

Cyber Security Engineer (Penetration Testing)

Hiredly X

Solution Engineer IT (Cybersecurity, Identity)

Bright Nexus (M) Sdn Bhd

Risk and Compliance Executive

Mobi

Company Profile

AirAsia X