Irwan Shah Yahya

Experience

• 

  Kuad Sdn Bhd

  Apr 2007 - Apr 2012

  Performance Monitoring cum ICT

  - To manage company Information Technology comprising of networks, systems & IT related in order to facilitate company with appropriate infrastructure. - To administer and monitor systems prerequisite such Active Directory, network firewall, Attendance & Time Management System (ATIMS), Integrated Finance Management System (IFMS), Human Resource Management System (HRMS) & primary system Quarry Weighing Management System (WINS)- Provides technical support and expertise in the installation and maintenance to ensure effective hardware and software performance.- Evaluates and recommends hardware and software products based upon factors such as cost effectiveness, existing capacity, and integration with the desired environment.- Participates on special projects to meet department objectives.- Contributes to assigned functional projects by completing assigned tasks.- Maintains relationships with local vendors and negotiates pricing to ensure maximum value for minimum cost.- To manage ICT Expenditure & Inventory Survey. - Perform preventive maintenance according to standard checklist and guidelines.- To engage with planning, testing, implementation and operation of thin client desktop environments including upgrading works, software distribution, updating anti-virus solutions and security patches, while ensuring that change procedures are followed.- Additional Supports : i) To develop system for company performance as a tool for decision making. (Company Performance Monitoring)ii) To assist HRA department such coordinating events management & improve on company’s medium communication & image; provide company’s bulletin, coordinating Employee Climate Survey (to attain feedback from all personnel on communication skill, services facilities, job opportunity & policy implementation), to involve in coordinating CSR programs/events such as Bersamamu TV3, jersey sponsorship for SMK Guar Perahu, Collective Agreement ceremony (Union staff), charity etc. Show less

• 

  UEM Sunrise Berhad

  Apr 2012 - May 2022

  Senior Digital Security Executive

  Infra - Security- Ensure that all ICT hardware and network are operating and running efficiently; and all processes are in compliance as per standard company’s requirement.- To support in developing & analyzing company’s ICT infrastructure and operations including the effects of changing business environment of the company.- To work with the management’s team / business users to determine the objectives and scope for each ICT infrastructure project.- Second Level Support and focus more on Infrastructure and End-User Computing Preventive Maintenance, as well as Continuous Improvement Initiatives- Participate in risk management assessments in evaluating the data and system’s sensitivity, identify potential risks, and mitigation strategies.- To involve in deployment of latest technological solutions, equipment, hardware, software and systems to increase the efficiency and impacts on organizational business operations.- To assist the Unit Head for the development and implementation of new ICT projects or enhancement of the existing ICT systems as part of working culture improvement initiatives.- Plan, install, test and maintain equipments/products, and the development and implementation of disaster/recovery procedures.- Preservation maintenance of ICT infrastructure such as Local Area Network, Wide Area Network, Internet connectivity, Virtual Private Network, Wi-Fi, servers, personal computers, printers, security/network equipment and etc, including troubleshooting & problem solving, capacity & performance planning, configuration, systems and network readiness, performance monitoring & tuning, security and backup solutions. - To monitor and manage the Cisco Management System which include the stability of CUCM for Voip telephony system and UCCX/Finesse system for Customer Call Centre solution. - To engage with Corporate Communication on Security Awareness by producing Comms/Wallpaper/Poster to all staff. Show less

• 

  Public Mutual Berhad

  Jun 2022 - Jan 2024

  Cyber & IT Risk Management

  Assists in the development and implementation of IT/Cyber risk management policies & guidelines to identify, mitigate and monitor IT/Cyber risk. Analyzes IT/Cyber loss event data and key risk indicator trends and prepare risk reports for internal and/or regulatory reporting. Reviews new / existing operational manuals, processes and procedures to ensure adequate controls are put in place before products / activities are introduced or undertaken by the Company. Assist the Head of Department of Risk Management Division (RMD) to co-ordinate and provide support to the Management Risk & Compliance Committee (MRCC), Risk & Compliance Committee (RCC-)and Board of Directors in carrying out their functions and terms of reference. To participate in the development and implementation of IT/Cyber risk management policies/ guidelines in identifying, assessing and monitoring IT/Cyber risks. To review new/enhanced IT/Cyber risk-related operational manuals, processes, procedures and practices to ensure adequate procedures and controls are put in place. To review the IT/Cyber risk management reports and procedures / practices implemented by the various business and support units prior to tabling at the risk committees for deliberation and approval. To review system modification requests submitted by business and support units to ensure potential IT risks arising from enhancements of systems are properly managed. To provide guidance and support to 1st line of defence (e.g. IT Division) in conducting RCSA including business processes mapping, assessment of IT/Cyber risk, identification of controls and evaluation of control adequacy and effectiveness. To support the Company’s business through appropriate risk management assessment to control effectiveness via Key Risk Indicators, Loss Data Collection, Risk and Control Self­ Assessment and Scenario Analysis. To assist in performing analysis on cyber threats and risk assessment on potential cyber­attacks. Show less

• 

  CIMB

  Mar 2024 - now

  DCORO

  - Support and ensure the Division/Department has an effective first line of defense risk management program.- Help the RCU comply with all banking laws, rules, regulations, and internal policies. - Support risk and compliance management, ensuring risks are identified, measured, and managed according to regulations and internal policies. - Support the CET for new controls from the development of the new L1/2/3/4 Document. - Help manage operational and regulatory risks for sub-business units. - Implement the operational risk framework with RCU support as per Group Non-Financial Risk Management (GNFRM) and Group Compliance (GC) requirements. - Identify and track risks and obligations in day-to-day operations (e.g., RCSA, KRIs, LED, CIM, RCA), ensuring timely and comprehensive risk identification. - Review L1/2/3/4 Document to ensure processes are documented before submitting to the Head of Department for approval and RCU for review. - Monitor the implementation of the L1/2/3/4 Document within CIM, noting any gaps or control weaknesses. - Track the implementation of key controls in the L1/2/3/4 Document through RCSA in the SHARP and ITRM System. - Review and update controls based on changes in the risk and compliance environment, or internal risk appetite and observations from risk events or control failures. - Ensure RCSA is completed timely and thoroughly, assessing each key risk using the Group Risk Library and KRIs. - Perform Controls Effectiveness Testing (CET) to confirm controls are effective and working as intended. - If controls are ineffective in RCSA, CET, or other reviews, raise a CIM (Control Issue Management), address the root causes, and improve controls through a remediation plan. - Executing accurate attestations by providing sample attestations and reviewing content to ensure it meets regulatory requests. - Monitor the completion of action plans to ensure issues are addressed and close them once resolved. Show less