
Nor Aishah Abu Talib

IT Security Governance
Kuala Lumpur, MY

Summary

IT Governance and Security professional with over 6 years of experience in the financial industry. Good understanding of technology risk, IT controls, and regulatory requirements, including but not limited to BNM Risk Management in Technology ("RMiT"). Experienced in supporting risk assessments, incident reviews, audits, and policy compliance with recent hands-on focus in cybersecurity operations specifically on Vulnerability Management and DevSecOps.

Overview

13 years of professional experience

Work History

IT Security Governance Officer

Kenanga Investment Bank Berhad
03.2025 - Current
  • Coordinate internal and external IT audits, including preparation, evidence collection, remediation tracking, and timely closure of findings for continuous control improvement.
  • Work closely with Risk and Compliance teams to drive Risk and Control Self-Assessments (RCSA), actively resolving issues, and addressing control findings.
  • Support IT security initiatives by ensuring compliance with regulatory requirements (e.g., BNM, SC) and internal policies, with recent hands-on experience in cybersecurity operations focused on Vulnerability Management and DevSecOps.

IT Governance

MNRB Holdings Berhad
01.2019 - 02.2025
  • Develop and maintain IT and cybersecurity governance policies aligned with regulatory requirements and industry best practices, ensuring clarity, control, and ownership across technology domains.
  • Deliver timely reports on key technology developments to management and regulatory bodies (e.g., BNM, KRI, IT Steering Committee).
  • Coordinate IT risk assessments for new implementations and significant changes, including cloud adoption and shifts in the cyber threat landscape.
  • Periodically review the IT risk register to ensure alignment with the organization's risk appetite, and provide assurance to the Risk Management Department on risk acceptability.
  • Support periodic compliance assessments and gap analyses to ensure adherence to internal policies, industry standards, and external regulatory obligations, resulting in improved risk posture and audit readiness.
  • Coordinated internal and external IT audits, including evidence gathering and remediation tracking, ensuring timely closure of audit findings.
  • Assume the role of Data Custodian to investigate and review IT-related data leak incidents.
  • Maintain and update the Disaster Recovery Plan (DRP) manual, coordinate DRP activities, and assist in reviewing the Post Test Analysis Report (PTAR) to ensure continuous improvement.
  • Coordinate and prepare vendor performance reports for management, while assisting in due diligence processes for new and prospective vendors, ensuring compliance with relevant regulatory requirements from time to time.
  • Deliver periodic awareness sessions to IT teams on governance structures, operational processes, and procedures to ensure alignment with regulatory requirements, industry best practices, and compliance standards.

Application Analyst With PMO/BA Role

MNRB Holdings Berhad
01.2016 - 12.2018
  • Play a business analysis role to translate business requirements into technical specifications.
  • Manage small to medium-scale IT projects from initiation to closure (e-MACS System, Data Centre Relocation, Mobile Device Management, Board Meeting Solution, and IT Service Management solution, among others).
  • Entrusted with the PMO role to establish project management best practices.
  • Provide awareness to the team about the project management process.
  • Manage project reporting for ICT projects to management.

Application Developer

MNRB Holdings Berhad
07.2012 - 12.2015
  • Developed custom in-house solutions for business users based on their unique business requirements and objectives using Microsoft Access & Visual Basic interface application.
  • Provide system support for reinsurance, customer relationship management (CRM) and tax system.

Education

Bachelor's Degree - Computer Science

International Islamic University Malaysia
Selangor
04.2001 -

Skills

IT Policies & Procedures

Regulatory Requirement

Control Frameworks & Standards

IT General Controls

IT Infrastructure and Cyber Security

Risk Assessment
