Candidate Name
Information Security & Compliance Lead
Malaysia
Summary

I’m a Cybersecurity Governance, Risk & Compliance (GRC) Specialist with over 5 years of hands-on experience implementing ISO 27001-aligned information security programs and strengthening enterprise risk and compliance posture across diverse industries.

I specialize in policy governance, risk management, internal audits, and data protection, helping organizations maintain secure, audit-ready environments aligned with frameworks such as NIST RMF, SOC 2, and GDPR.

At Thina Entertainment, I led the development of the organization’s Information Security Management System (ISMS), authored over a dozen governance and security policies, and conducted internal audits and risk assessments to maintain continuous improvement and control maturity. My work bridged creative operations and secure information governance, ensuring compliance, resilience, and digital asset protection.

Currently, I consult as an Independent GRC Practitioner, delivering ISO 27001 gap assessments, preparing Statements of Applicability, managing risk registers, and developing policy suites that embed security-by-design into daily operations.

Key Competencies

- Information Security Governance & Policy Development
- Risk Assessment, Treatment & Mitigation
- Internal Audits & Compliance Monitoring
- Data Protection & Privacy Management
- ISO 27001 Implementation & Audit Readiness
- Vendor & Third-Party Risk Management
- Security Awareness & Compliance Training

Work experience
01/04/2024: Independent GRC Practitioner | ISO 27001 Implementation, Risk Governance & Audit Readiness
01/01/2020 - 01/03/2024: Information Security & Compliance Lead (ISO 27001 / GRC Implementation)
01/01/2018 - 01/12/2019: IT & Digital Solutions Consultant
Education & certifications
01/01/1998 - 01/12/1999: Diploma, Computer Science
Open to relocate
Skills
Governance; Security Auditing; Security Awareness; Team Collaboration; Network Security; Encryption; Security Operations Center (SOC); Python; Automation; Scripting; Risk Management; Risk Assessment; Vulnerability Assessment; Splunk; Security Information and Event Management (SIEM); Log Analysis; Threat Detection; ISO 27001; Incident Response; GDPR; Data Loss Prevention (DLP); Cryptography; Regulatory Compliance (GDPR, PCI-DSS, HIPAA); Business Continuity; Compliance; Information Security; Cybersecurity; Cloud Security; AI Security; CompTIA Security+; NIST Cybersecurity Framework; COBIT; PCI DSS; Third-Party Risk Management; Nessus; Qualys; Wireshark; Power BI; Security Awareness Training; Data Privacy
