Governance, Risk & Compliance (GRC) Manager – Certification Authority (CA)

AI-generated summary

This job is about ensuring a secure and compliant digital environment as a Governance, Risk & Compliance Manager. You might like this job because you’ll work with regulations and audits, helping organizations stay safe online while collaborating with various stakeholders.

RM 5K - RM 10K

Wisma UOA Damansara II, Suite 1-2, Level 1, Changkat Semantan, Bukit Damansara, 50490 Kuala Lumpur, Kuala Lumpur

Job Description

Regulatory Compliance Management

  • Ensure compliance with: 
    • Digital Signature Act 1997 
    • Malaysian Communications and Multimedia Commission (MCMC) guidelines 
    • Relevant industry and cybersecurity regulations 
  • Monitor regulatory updates and implement necessary compliance changes 
  • Liaise with regulators, government agencies, and relevant authorities

Standards, Certification & Audit Management

  • Ensure compliance with international Certification Authority (CA) standards including: 
    • WebTrust for Certification Authorities 
    • ETSI EN 319 411 
    • ISO/IEC 27001 
    • CA/Browser Forum Baseline Requirements 
  • Coordinate and manage: 
    • External audits (e.g., WebTrust audits) 
    • Internal compliance reviews 
    • Audit remediation and corrective action plans 
  • Track audit findings and ensure timely resolution

Policy & Governance Management

  • Develop, review, and maintain governance documents including: 
    • Certificate Policy (CP) 
    • Certification Practice Statement (CPS) 
    • Compliance policies and operational procedures 
  • Ensure documentation aligns with regulatory and industry standards 
  • Manage document versioning, publication, and repository obligations

Risk & Compliance Monitoring

  • Conduct compliance and operational risk assessments 
  • Monitor adherence to: 
    • Certificate issuance and revocation processes 
    • Key management procedures 
    • Cryptographic and security controls 
  • Identify compliance gaps and implement corrective actions and process improvements

Operational Oversight (Trust Services)

  • Oversee governance and compliance of trust service operations including: 
    • Identity verification and eKYC processes 
    • Digital certificate issuance, renewal, and revocation 
    • Key lifecycle management and cryptographic controls 
  • Coordinate incident response and breach management activities 


Reporting & Stakeholder Management

  • Prepare compliance and governance reports for senior management 
  • Monitor SLA performance with partners and customers 
  • Act as the primary liaison for auditors, regulators, enterprise clients, and relying parties when required 
  • Support customer due diligence and compliance assurance activities

Job Requirements

Education & Qualifications

  • Bachelor’s Degree in: 
    • Information Technology 
    • Cybersecurity 
    • Computer Science 
    • Engineering 
    • Related discipline 
  • Candidates without a degree may also be considered if they demonstrate strong relevant experience and technical competency

Professional Certifications (Preferred)

Candidates with the following certifications will have an added advantage:

  • CISA 
  • CISM 
  • CISSP 
  • ISO 27001 Lead Auditor 
  • Other cybersecurity, compliance, or governance certifications

Experience

  • Proven experience in Governance, Risk & Compliance (GRC), cybersecurity governance, audit, or Certification Authority (CA) operations 
  • Experience handling compliance audits, risk assessments, and regulatory engagements 
  • Familiarity with trust services, PKI environments, or digital certificate operations is highly preferred

Technical & Domain Knowledge

Strong understanding of:

  • Public Key Infrastructure (PKI) 
  • Digital certificates (X.509) 
  • Cryptographic controls and key lifecycle management 
  • Hardware Security Modules (HSM) 
  • Post-Quantum Cryptography (PQC) concepts 
  • Regulatory compliance frameworks and audit standards

Soft Skills

  • Strong analytical and critical thinking skills 
  • Excellent attention to detail and governance mindset 
  • Strong communication and stakeholder management skills 
  • Ability to interpret regulations and develop governance policies 
  • Able to work independently and manage multiple priorities

Skills

Cyber Security
Cyber Risk
IT Governance
Policy Compliance
Cryptography
Compliance Auditing
Management Reporting
Certificate Authority
Hardware Security Module
ISO/IEC 27001

Company Benefits

Opportunities for career growth

We live for innovation and growth, and we make sure our employees get to achieve that during their time here.

Medical claims

We care about our team members like our friends and family. We want you to stay fit and healthy!

Bonuses and raises!

KPI oriented annual salary review & increment, performance bonus & more!

Positive & energetic!

No office politics & no moaners. We grow as one, we win as one! Positive, solution-oriented & high in spirit!


Additional Info

Career Level

Manager / Team Lead

Company Profile

Vista Kencana Sdn Bhd

Hello, future innovator! Thank you for your interest in Vista Kencana. We are a premier IT solutions provider where technology meets purpose. We are a community of passionate builders, coders, and strategists dedicated to shaping a sustainable and prosperous future for Malaysia through digital innovation.  Here’s a look at our journey and the impact we create. Our Origin Story: From Startup to Key Player We...