Job Description

 Position Responsibilities 

1. 🌐 Regional Data Protection & Compliance

• Develop and enforce region-wide policies for data classification, retention, and destruction, tailored to local regulatory and operational needs.
• Ensure compliance with regional data protection regulations including PDPA (Malaysia, Singapore), GDPR (Europe), and other relevant local data privacy laws in each operational market.
• Conduct Data Privacy Impact Assessments (DPIAs) and regional risk analyses in collaboration with legal, tech, and business stakeholders.
• Serve as a key contact for regional compliance initiatives and audits related to data protection.

2. 🔐 Security Architecture & Access Controls

• Design and implement security controls across cloud-based and on-premise systems used in multiple markets (web, mobile, network, POS, ERP, etc.).
• Evaluate and deploy encryption, tokenisation, and data masking technologies that scale regionally.
• Manage role-based access control (RBAC) and identity lifecycle systems to ensure secure user provisioning across functions and countries.

3. 🚨 Regional Incident Detection & Response

• Monitor infrastructure and applications across all regions for potential breaches or data leaks using centralized logging and SIEM tools.
• Lead coordinated incident response efforts across markets, including impact analysis, communication protocols, and stakeholder escalation.
• Maintain and periodically test regional business continuity plans (BCP) and incident response protocols, ensuring localized coverage and readiness.

4. 🧪 Security Assessments, Testing & Audits

• Conduct regular vulnerability assessments and penetration tests across all regionally deployed systems.
• Support internal and external security and compliance audits with structured documentation and evidence collection across locations.
• Collaborate with DevOps, QA, and Product teams to embed secure coding and deployment practices in the SDLC across regions.

5. 🧠 Training, Awareness & Culture Building

• Develop and deliver localized security awareness training programs for regional teams to drive adoption of security protocols and behaviors.
• Champion a security-first culture across engineering, operations, and support teams at the regional level.
• Support executive leadership in embedding security considerations into business decision-making.

Job Requirements

 Qualification and Experience

• Bachelor’s degree in Information Security, Computer Science, or a related technical discipline.
• Minimum 3 years of experience in cybersecurity or data protection roles, preferably in multi-country or regional environments.
• Deep knowledge of industry security standards and frameworks such as NIST, ISO 27001, CIS, and CSA CCM.
• Hands-on experience with tools and platforms including firewalls, SIEM, DLP, IAM, and cloud security solutions (AWS preferred).
• Familiarity with data protection laws across multiple regions, including PDPA, GDPR, PCI-DSS, and local cybersecurity acts.
• Professional certifications such as CISSP, CISM, CEH, or ISO 27001 Lead Implementer.
• Experience working in fast-growing, tech-enabled businesses or startups across Southeast Asia or similar regions.
• Understanding of F&B technology stacks including POS systems, ERP platforms, mobile apps, and eCommerce environments.
• Exposure to cloud-native security practices, multi-tenant environments, or SaaS platform security at a regional level.

  a Necessity, not a Luxury  

Skills