AI-generated summary
beta
This job is all about ensuring compliance with regulations and standards in the digital signature space. You might like this job because you’ll work closely with regulators, manage audits, and oversee risks while keeping critical services running smoothly!
RM 0K - RM 10K
Wisma UOA Damansara II, Suite 1-2, Level 1, Changkat Semantan, Bukit Damansara, 50490 Kuala Lumpur, Kuala Lumpur
Job Description
1. Regulatory Compliance Management
- Ensure compliance with:
- Digital Signature Act 1997
- Guidelines from Malaysian Communications and Multimedia Commission
- Monitor regulatory updates and implement necessary changes
- Liaise with regulators and government agencies
2. Standards & Audit Compliance
- Ensure adherence to international CA standards such as:
- WebTrust for Certification Authorities
- ETSI EN 319 411
- ISO/IEC 27001
- Coordinate and ownership of:
- External audits (e.g., WebTrust audits)
- Internal compliance reviews
- Manage audit findings and remediation plans
3. Policy & Documentation Governance
- Develop and maintain:
- Certificate Policy (CP)
- Certification Practice Statement (CPS)
- Ensure policies align with:
- CA/Browser Forum Baseline Requirements
- Control document versioning and publication (e.g., repository obligations)
4. Risk & Compliance Monitoring
- Conduct compliance risk assessments
- Monitor adherence to:
- Key management procedures
- Certificate issuance processes
- Identify gaps and implement corrective actions
5. Operational Oversight (Trust Services)
- Oversee compliance in:
- Identity verification (eKYC) processes
- Certificate issuance, renewal, revocation
- Key lifecycle management
6. Reporting & Governance
- Prepare monthly compliance reports for Senior management
- Track Audit findings closure
- Incident response timelines
- SLA Management with Partners and Customers
- Monitors and Coordinates incident and breach management.
7. Stakeholder & External Relations
- Act as primary contact for:
- Auditors
- Regulators (direct e.g. MCMC, and indirect e.g. SSM)
- Relying parties (when needed)
- Support customer due diligence for enterprise clients
Job Requirements
Required Skills, Competencies and Qualifications
- Technical / Domain Knowledge
- Public Key Infrastructure (PKI) concepts including PQC
- Digital certificates (X.509)
- Cryptographic controls and key management
- Understanding of HSM operations
2. Compliance & Governance
- Regulatory compliance frameworks e.g. Webtrust
- Audit management
- Risk assessment methodologies
3. Soft Skills
- Strong analytical thinking
- Attention to detail
- Communication with regulators and auditors
- Policy writing and interpretation
4. Qualifications
- Bachelor’s degree in IT, Cybersecurity, Engineering and other relevant Bachelor’s degree
- Candidates without bachelor’s degree will also considered provided the candidate demonstrates the fulfilment of all requirements above.
- Candidates with professional qualifications such as CISA, CISM, CISSP, ISO27001 Lead auditor will be given extra preference.
Skills
Company Benefits
Opportunities for career growth
We live for innovation and growth, and we make sure our employees get to achieve that during their time here.
Medical claims
We care about our team members like our friends and family. We want you to stay fit and healthy!
Bonuses and raises!
KPI oriented annual salary review & increment, performance bonus & more!
Positive & energetic!
No office politics & no moaners. We grow as one, we win as one! Positive, solution-oriented & high in spirit!
Additional Info
Company Profile
