Governance, Risk and Compliance Specialist

Donaldson

  • Kuala Lumpur
  • Permanent
  • Full-time
  • 1 hour ago
Donaldson is committed to solving the world’s most complex filtration challenges. Together, we make cool things. As an established technology and innovation leader, we are continuously evolving to meet the filtration needs of our changing world. Join a culture of collaboration and innovation that matters and a chance to learn, effect change, and make meaningful contributions at work and in communities.

Job Purpose

The Governance, Risk and Compliance Specialist supports global initiatives in IT and Information Security governance, risk, and compliance (GRC). This role is responsible for implementing and maintaining an ISO 27001-based Information Security Management System (ISMS) to ensure Donaldson has effective cyber and data protection controls in place to minimize risk.

Key responsibilities include defining the ISO scope, identifying information assets and associated risks, conducting compliance assessments, and coordinating remediation plans. The specialist will also develop and deliver ISO 27001-based training tailored to IT, operational, and business needs to enhance organizational awareness and alignment with security standards.

This position collaborates with cross-functional teams, including Finance, Legal, Compliance, and Privacy, to document and track risks. It also contributes to regulatory and standards-based assessments (e.g., SOX, PCI, NIS2) to evaluate Donaldson’s compliance posture and guide the organization toward required controls.

Additionally, the role involves performing comprehensive risk management tasks such as risk assessments, tracking, remediation follow-ups, and the development of risk metrics to support informed decision-making and continuous improvement.

Key Accountabilities
  • Assess, rate, and prioritize security risks against Donaldson criteria, industry standards, and regulatory requirements.
  • Perform assessments to uncover where Donaldson does not meet the ISO 27001 standard.
  • Identify the information assets that need protection and the processes that need to be included in the ISO Information Security Management System (ISMS).
  • Identify the risks to the information assets and evaluate their impact.
  • Identify ISO control gaps and coordinate remediation plans.
  • Educate organization levels (executive on down) on the ISO requirements and how to align with the standard.
  • Perform compliance and regulatory control assessments. Assessments include evaluation of controls, creation and implementation of questionnaires and evidence gathering, report writing of findings, and verbal presentation of findings or issues with internal stakeholders.
  • Collaborate with multiple departments in supporting compliance, governance, policies, and assessments.
  • Evaluate technical, administrative and physical controls.
  • Create and implement assessment questionnaires and evidence gathering, perform control testing, write up findings, and present findings or issues verbally to internal stakeholders and executives.
  • Map out compliance requirements, including international regulatory requirements and internal policies, procedures, standards and guidelines.
Key Qualifications & Requirements

QUALIFICATION:

Bachelor’s degree in IT, Accounting, Finance, Business or related field, and/or corresponding experience providing the necessary knowledge and skills for the position.

EXPERIENCE:
  • Minimum 5 years of professional experience in IT, information security, or cyber controls.
  • Relevant experience in Governance, Risk and Compliance and in IT and security controls assessments.
  • ISO 27001/27002 experience.
  • Information security auditing a plus.
  • Strong written and verbal communication and presentation skills, and ability to work with all levels of the organization.
  • Excellent teamwork skills.
  • Team player with the ability to work independently.
  • Resourceful, energetic, self-starter, flexible, goal-oriented.
  • Strong personal integrity.
  • Knowledge of regulatory or security standards a plus (SOX, PCI, SWIFT, NIS2, CMMC, China MLPS, TISAX).
Employment opportunities for positions in the United States may require use of information which is subject to the export control regulations of the United States. Hiring decisions for such positions are required by law to be made in compliance with these regulations. Applicants for employment opportunities in other countries must be able to meet the comparable export control requirements of that country and of the United States.

Donaldson Company has been made aware that there are several recruiting scams that are targeting job seekers. These scams have attempted to solicit money for job applications and/or collect confidential information. Donaldson will never solicit money during the application or recruiting process. Donaldson only accepts online applications through our website, and any communication from a Donaldson recruiter would be sent using a donaldson.com email address. If you have any questions about the legitimacy of an employment opportunity, please reach out to to verify that the communication is from Donaldson.

Our policy is to provide equal employment opportunities to all qualified persons without regard to race, gender, color, disability, national origin, age, religion, union affiliation, sexual orientation, veteran status, citizenship, gender identity and/or expression, or other status protected by law.