- Global opportunity
- Opportunities for career growth and development within the company
- Work from anywhere program
about the company
Our client is a stable local company whose business spans the world, making it one of the leading companies in the market. With a long history of operation and high-quality products, it has been continuously growing its revenue and workforce on a regional scale.
...
about the job
- Analyzing and assessing IT risks, including data protection, project management, the security-by-design framework, data management, network and infrastructure, and related areas.
- Developing and implementing key risk indicators to monitor IT risks and suggesting corrective action plans to mitigate identified risks.
- Collaborating with IT system owners and department heads to understand risk exposure and addressing identified risks through appropriate treatment and mitigation plans.
- Maintaining and updating the IT departmental risk register for regular business reporting on the status of identified risks and recommended actions.
- Independently reviewing and enhancing risk dashboards and reports, based on a comprehensive understanding of business needs and technology risk requirements.
- Managing a Governance, Risk, and Compliance (GRC) tool to integrate IT risk and continuously monitor cyber-security risk in real time.
- Serving as the primary point of contact for relevant risk parties and external professional services engaged to assess risk exposure and vulnerability. Monitoring and following up on the completion of findings.
- Creating, reviewing, and updating IT policies, procedures, and control assessments in response to identified risks.
- Overseeing IT vendor security risk and relationships through processes like the request for proposal (RFP) security assessment, risk acceptance forms, and vendor renewal.
- Developing and managing the IT Annual Risk Assessment Plan, covering applications, systems, processes, prospective solutions, existing systems, and potential suppliers.
- Leading and conducting phishing campaigns at least once a year for all offices.
- Undertaking any other duties as directed by the line manager.
- Serve as the main point of contact for the IT Annual Audit Plan, coordinating with IT Heads and Business Leaders to ensure smooth execution of audits.
- Take responsibility for scoping all IT Audits and assurance exercises, collaborating with staff and audit teams to coordinate fieldwork, reviewing, monitoring, and finalizing all audit findings. Additionally, track and report on subsequent findings to assess the department's capability to address relevant audit issues within reasonable timeframes.
- Cultivate strong relationships with both internal and external auditors, fostering an open and responsive channel between IT, General Affairs, and respective internal audit teams.
- Maintain comprehensive documentation related to IT Audit, covering various compliance obligations and potential risks.
- Review, recommend, and manage audit and regulatory changes within the IT domain.
- Collaborate with IT Heads to establish IT Standard Operating Procedures (SOPs) in accordance with audit and regulatory requirements. These SOPs should encompass Business-As-Usual (BAU) operations, data center operations, and the software development lifecycle.
- Work with the IT Project Management team to ensure that the required IT Project/software development SOPs align with regulatory frameworks and guidelines. Conduct internal audits and assessments to ensure adherence to SOPs.
- Collaborate with the IT Services Senior Manager and IT Heads to ensure IT BAU SOPs/IT Infra SOPs meet required standards and guidelines. Conduct internal audits/assessments to ensure compliance with SOPs.
skills and experience required
- At least 4 years of experience in Technology Risk Management (including cyber security) or technology audits.
- Good working knowledge of security risk management and security governance methodologies; industry security standards such as ISO 27001/2, CIS Critical Controls, and the NIST Cybersecurity Framework; risk management tools; technical vulnerability management; security technologies and trends; and security operations.
- Good working knowledge of privacy and data protection laws and regulations (GDPR, PCI-DSS).
- Professional security management certification (e.g., CRISC, CISA, CISM, CISSP) is desired.
What's on offer
This permanent opportunity for an Information Security & Compliance Lead pays a salary in the range of $6,000 - $8,000 plus benefits. It offers a hybrid working arrangement.
To apply online, please use the 'apply' function; alternatively, you can reach me at https://www.linkedin.com/in/Oliviatoh-032330132/. (EA: 94C3609 / R22109942)