Job Description

Join our global team for a career filled with opportunities to solve challenges both small and large, local and global, simple and complex.

About Us

Wilhelmsen is a global maritime industry group founded in 1861. We have the biggest maritime network in the world, with a presence in over 540 offices globally. Our mission is to shape the maritime industry by delivering innovation, sustainability and unparalleled customer experiences to enable global trade and a more sustainable future. We serve over half of the worldwide merchant fleet with products and services, and supply crew and technical management for some of the most complex vessels in the world.

Global Business Services (GBS) is an in-house service provider specializing in HR, Finance and Technology for Wilhelmsen - providing high quality, scalable, reliable solutions that drive efficiency, enhance customer experience and cost-efficient business support services

Job title

Cyber Security Awareness & Compliance Specialist

Who we are looking for: 

We are seeking a Cyber Security Awareness & Compliance Specialist who can help strengthen our overall cyber resilience. You will help employees understand their security responsibilities and support key compliance activities for frameworks such as ISO 27001, NIS2, and DORA.

Through effective training, communication, and coordination, you will play an important role in building a strong culture of security awareness, accountability, and continuous improvement across the organization.

Who you will report to:                                  

Reports to the Director of Cyber Security (GBS) and collaborates closely with:

• GRC team for framework alignment and control tracking
• SOC/CIRT for incident-driven learning and metrics
• HR and Communications for awareness delivery and policy roll-out
• Business Unit representatives for compliance evidence collection and training follow-up

What you will work on: 

Awareness & Culture

• Design and execute a global cybersecurity awareness and training program, including phishing campaigns and targeted interventions.
• Promote a strong security culture through communication, gamification, and leadership engagement.
• Ensure awareness activities are aligned with framework requirements (ISO 27001, NIS2, DORA etc).

Compliance Coordination

• Support GRC in maintaining compliance documentation and audit evidence related to awareness, training, and communication controls.
• Coordinate awareness and compliance metrics reporting for management and auditors.
• Monitor and follow up on regulatory changes impacting employee obligations and training content.

Training & Role-Based Competence

• Maintain a role-based security training framework across technical, operational, and leadership levels.
• Track training completion and ensure compliance with regulatory and internal requirements.

Metrics & Reporting

• Consolidate awareness, training, and compliance metrics into dashboards for GRC and executive reporting.
• Measure control effectiveness and recommend improvements in awareness or policy adherence.

Additional Focus Areas (on business demand)

Human Risk Management

• Correlate phishing, behavioural, and incident data into a human risk index shared with GRC and management.
• Identify high-risk areas and support targeted remediation or training actions.

Audit & Evidence Support

• Prepare and maintain audit-ready documentation for awareness, training, and compliance controls.
• Coordinate responses during internal and external audits related to information security frameworks.

Regulatory Change Awareness

• Track evolving cyber regulations (NIS2, DORA, ISO revisions) and advise GRC on implications for awareness or reporting.

Incident-Driven Learning

• Feed lessons from security incidents into training and awareness campaigns, ensuring continual improvement.

Qualifications you have for this role:

• Bachelor’s degree in Cybersecurity, Compliance, Communications, or related field.
• Preferred certifications:
• SANS Security Awareness Professional (SSAP) or SANS MHR
• ISO 27001 Lead Implementer / Lead Auditor
• NIS2 Foundation / Practitioner
• 3–5 years in cybersecurity awareness, compliance, or GRC-related roles.
• Experience with phishing simulation tools and training platforms (KnowBe4, Microsoft Attack Simulator or similar).
• Familiarity with ISO 27001, NIS2, DORA, or similar frameworks.

Skills & Competencies you have for this role:

• Strong communication and stakeholder management skills.
• Understanding of compliance management systems and risk-based controls.
• Analytical mindset with ability to present data-driven insights.
• Skilled in Microsoft 365, ISMS, and reporting tools (Excel, Power BI).

Work Location: Kuala Lumpur, Malaysia

Application deadline: Friday, 2nd January 2026

How to apply:

Sounds interesting? If you see yourself fitting into this role, please let us know why the role interest you. Apply online through our career portal at https://www.wilhelmsen.com/careers/ under Current Vacancies by creating a ‘Candidate Home’ account and thereafter upload your resume and expected salary.

Please note that all positions at Wilhelmsen are subject to reference and ID checks. For certain roles, additional background screening may be required.

Job Requirements