Executive Officer, GT-TSS, Privilege Access Management MY

Job Purpose *
CSA-PAM team (Privilege Access Management) play a critical role as the custodian of Privileged IDs for CIMB applications, servers, databases, infrastructure components and cloud services.
The role involves managing privileged identities, onboarding systems, supporting password lifecycle management, and assisting with audit and compliance activities.
This role provides exposure to enterprise security controls, cloud privileged access, and secrets management.

Job Description *
Privileged Identity Lifecycle Management
•    Create, modify, and delete privileged IDs in accordance with SOP
•    Perform PID handover validation
•    Support periodic access review
Server & Application Onboarding
•    Onboard servers, applications, and network devices into PAM
•    Configure access policies and credential management settings
•    Support onboarding of cloud and SaaS resources (where applicable)
Password & Credential Management
•    Manage password vaulting and rotation
•    Perform manual password updates for non-automatable systems
•    Support secrets lifecycle activities (where applicable)
Operational Support
•    Respond to access-related incidents and user queries
•    Support after-office hours or maintenance window activities when required
•    Escalate issues appropriately based on risk and impact
Audit & Compliance Support
•    Prepare audit evidence and reports
•    Support remediation activities arising from audit findings

Job Specification *
Qualifications 
(Basic Degree/Diploma etc)    Bachelor’s Degree in Computer Science / Information Technology or equivalent.
Professional Qualification and/or Regulatory, Licensing requirements      •    Security industry certifications such as CISSP, CISM or CEH would be added advantage.
Relevant Work Experience     •    Minimum 1–2 years of experience in IT operations, infrastructure, or security.
•    Fresh graduates with strong technical foundation may be considered.

Key Dimension of Impact *
Non-Financial Impact
•    Supports PAM operations covering approximately 4,800+ enterprise resources, forecasted to grow to 9,000+ by 2027.
•    Manages and supports over 38,000 privileged IDs, projected to exceed 80,000 by 2027.
•    Handles approximately 180–200 privileged access-related requests per month.
•    Processes ~70 privileged ID lifecycle management requests per month.
•    Supports onboarding of new systems and applications into the enterprise PAM platform (average 11 requests per month)
•    Contributes to audit readiness and supports multiple audit engagements annually.
Financial Impact
•    No direct budget ownership.
•    Indirectly supports protection of enterprise systems critical to business operations through effective privileged access controls.

Required Competencies and Skills *
Competencies/Skills 
(Essential to succeed in this job)
    Technical/Functional skills
•    Understanding of Windows/Linux user account management
•    Knowledge on AS400 and Mainframe security would be a plus
•    Basic knowledge of Active Directory / LDAP
•    Familiarity with cloud platforms (AWS, Azure, etc) is an advantage
•    Understanding of access control concepts (RBAC, least privilege)
•    Excellent communication skills, both oral and written
•    Knowledge of security best practices and concepts
•    Strong knowledge and vast experience in certain technology may be substituted for above skills

Personal skills (Soft Competencies [Core/Leadership])
•    Able to handle sensitive information responsibly
•    Good communication skills for cross-team coordination
•    Willingness to learn and grow in cybersecurity domain
•    Highly result oriented and can work independently
•    Proactive rather than reactive
•    Team player with good interpersonal skills
•    Ability to work under pressure to tight timelines
•    Good analytical, technical, written and communication skills