Role
The Day-To-Day Activities
1. Compliance Oversight for IT & Network Core
• Ensure compliance with regulatory and industry requirements applicable to telco and IT environments (e.g., MCMC regulations, PDPA, ISO 27001, ISO 22301, PCI DSS and other applicable industry requirements).
• Assist with Network Division compliance audits on IT infrastructure, IP/PS Core elements, EPC/5GC, IMS, DNS, CGNAT, firewall systems, and network management platforms.
• Assist the Technology Governance unit in maintaining technical policies and standards covering IT, network security, change management, access control, and service continuity.
• Assist the Technology Governance unit in tracking audit findings and ensuring timely closure with technical teams.
2. Technology & Network Risk Management
• Assist in identifying and assessing risks across IT systems and telecom core platforms (e.g., packet core, signalling, routing, subscriber databases).
• Maintain and update technology risk registers, focusing on cybersecurity, network outages, capacity risks, IT vendor dependency, and system obsolescence.
• Coordinate and manage deep-dive risk reviews for critical platforms (PCRF, HSS/UDM, UPF/SGW/PGW, IP/MPLS backbone, AAA, DNS, etc.) led by Enterprise Risk Management.
• Evaluate risks related to information security, information systems, network & infrastructure upgrades, migrations, virtualization (NFV, Hypervisor, Cloud), and cloud transformations.
3. Internal Controls & Monitoring
• Establish technical controls aligned with ISO 27001 Annex A, NIST CSF, CIS benchmarks, and telco-grade operational standards.
• Conduct periodic validation of controls such as:
o Access and privilege management (IT & network)
o Configuration hardening for routers, firewalls, EPC/5GC nodes
o Patch & vulnerability management
o Change and release management
o Logging, monitoring, and cyber event correlation
• Review system logs, change records, and security alerts for compliance adherence.
4. Policy, Standards & Governance
• Assist the Technology Governance unit in developing and maintaining policies specific to IT and network environments, including but not limited to:
o IT Security Policy
o Critical System Access Policy
o IT General Controls (ITGC)
o Other sub-categories of policies
• Support governance committees (Risk Committee, Security Council, Audit Committees).
5. Incident & Problem Management Compliance
• Assess compliance errors and control lapses contributing to network or IT incidents.
• Participate in incident investigations involving outages, security events, or service disruptions impacting IT and core network functions.
• Assist in reviewing RCA (root cause analysis) reports for completeness and compliance requirements.
6. Vendor, Third-Party & Regulatory Compliance
• Evaluate risks for third-party systems, managed services partners (e.g., MSS, NOC outsourcing), and vendors for core equipment.
• Ensure contractual compliance for IP/PS core components and IT infrastructure.
• Work with regulators (e.g., MCMC) during audits, investigations, and compliance reporting.
7. Reporting & Stakeholder Management
• Prepare compliance dashboards, risk reports, and network/IT governance updates for senior leadership.
• Provide briefings to Cybersecurity, IT Ops, Network Engineering, and regulatory teams.
• Deliver training and awareness on compliance requirements specific to IT and telecom networks.