• Career
  • >
  • Cybersecurity Manager

    • Cybersecurity Manager

    Cybersecurity Manager

    Team

    IT

    Location

    Malaysia

    Type

    Full-Time

    Apply

    dtcpay is recently honoured as Disruptor of the Year and Paytech of the Year at the Asia Fintech Awards, with strong foundations in Singapore and Hong Kong, we’re launching our global journey starting from Malaysia. Our Malaysia office, DTC Academy Sdn. Bhd. is seeking a experienced Cybersecurity Manager to join our dynamic team.

    The Cybersecurity Manager will report directly to the Head of IT Security and oversee dtcpay’s comprehensive cybersecurity strategy across Offensive Security (Red Team), Defensive Security (Blue Team), and Governance, Risk, and Compliance (GRC). This role blends technical expertise, risk management, and strategic oversight to strengthen organizational security, ensure compliance with regulatory frameworks, and minimize third-party risks.

    Responsibilities:
    1. Offensive Security (Red Team)
    • Oversee and coordinate penetration tests, vulnerability assessments, and red team exercises across systems, networks, and applications.
    • Simulate real-world cyberattacks to identify vulnerabilities and weaknesses in security controls.
    • Develop and refine offensive security playbooks to address evolving threats.
    • Work closely with development and infrastructure teams to address identified vulnerabilities.

    2. Defensive Security (Blue Team)
    • Manage threat detection, analysis, and response operations using SIEM, EDR, IDS/IPS, and cloud-native tools (eg. Goggle Workspace security, Palo Alto, AWS Security Hub, etc.)
    • Oversee threat-hunting programs to proactively identify and eliminate security threats.
    • Lead incident response activities, including investigation, containment, remediation, and post-incident analysis.
    • Continuously optimize detection rules, monitoring systems, and automated response workflows.

    3. Governance, Risk, and Compliance (GRC)

    Risk Management:

    • Conduct regular risk assessments, including risk identification, evaluation, and mitigation strategies.
    • Ensure risks are documented in the Risk Register and regularly reviewed.

    Third-Party Risk Management (TPRM):

    • Develop and manage a robust Third-Party Risk Management (TPRM) program.
    • Conduct due diligence assessments of vendors, suppliers, and service providers.
    • Ensure vendor compliance with security requirements, SLAs, and contractual obligations.

    Compliance and Policy Management:

    • Ensure adherence to regulatory standards such as ISO 27001, PCI DSS, SOC 2, and other relevant frameworks.
    • Act as the primary point of contact during audits and regulatory assessments.
    • Maintain and update security policies, standards, and procedures in alignment with industry best practices.

    Documentation and Reporting:

    • Develop and maintain comprehensive GRC documentation, including policies, procedures, reviews, logs, etc. and compliance reports.
    • Provide regular updates on risk posture, compliance status, and mitigation efforts.

    4. Business Continuity and Disaster Recovery (BCP/DR)
    • Lead the development, maintenance, and testing of Business Continuity Plans (BCP) and Disaster Recovery Plans (DRP).
    • Coordinate BCP/DR exercises to validate recovery strategies and identify areas for improvement.
    • Ensure systems and data backups are secure, tested, and compliant with retention policies.

    5. Security Awareness and Training
    • Design and implement cybersecurity awareness programs tailored for employees, contractors, and third-party vendors.
    • Conduct regular training sessions, phishing simulations, and security workshops.
    • Foster a security-first culture across the organization.

    6. Team Leadership and Mentorship
    • Manage a team of Red & Blue Team security.
    • Foster an environment of collaboration, accountability, and continuous improvement.
    • Set team goals, monitor performance, and support professional development.

    Requirements:
    • Minimum 6+ years of experience in cybersecurity, with 3+ years in a managerial role.
    • Extensive experience across offensive security (Red Team), defensive operations (Blue Team), and GRC practices.
    • Strong understanding of Technology Risk Management (ERM) and Third-Party Risk Management (TPRM) frameworks.
    • Hands-on experience with SIEM platforms, endpoint security, EDR tools, vulnerability management systems, and cloud security tools.
    • Proficiency in risk assessments, audit preparation, and policy documentation.
    • Solid understanding of ISO 27001, PCI DSS, SOC 2, GDPR compliance requirements.
    • Familiarity with BCP and DR frameworks and their practical implementation.

    Preferred Education and Certifications:
    • Diploma or Degree in fields like IT, computing, computer science, cybersecurity, etc.
    • CISSP, CISM, AWS Security, OSCP, Comptia Security+, CEH, etc.
    Benefits
    checkmark

    Competitve compensation and benefits packages

    checkmark

    Opportunity to work with a dynamic and innovative digital payments.

    checkmark

    Exposure to cross-functional collaboration and involvement.

    checkmark

    Mentorship and guidance from experienced professionals.

    Apply