6 October 2020
Seeking IT Security professionals with a keen interest in Information Technology (IT) Risk and Compliance to enable cyber resilience and information security for mission-critical systems.
- Degree in Computer Science, Information Security or Information Systems;
- At least 5 years of experience in the IT security space, with strong experience in IT GRC (Governance, Risk and Compliance) related functions;
- Deep knowledge and understanding of internal controls, security frameworks, risk management and IT governance, auditing techniques and methodologies;
- Good knowledge of enterprise IT systems and components (applications, operating systems, databases, networks, cloud, DevOps);
- Familiar with industry standards related to IT Controls – ISO 27001, NIST, OWASP, Cloud Security;
- Strong in analytical thinking with attention to detail;
- Excellent communication and interpersonal skills;
- CISSP, CISM, CRISC, CGEIT and/or CISA certified.
- Act as a Subject Matter Expert on IT Governance, Risk management and Compliance (GRC) and related policies and procedures;
- Plan, facilitate, support and manage the conduct of IT audits, third-party audits and review of project risk assessment;
- Conduct compliance assessments and track the overall compliance health in relation to IT governance standards and procedures in compliance with regulatory requirements;
- Collaborate with application development and external vendor teams to implement IT risk assessment checklists and operational IT Risk Controls;
- Continuously identify GRC Key Risk Indicators (KRI) and maintain the IT Risk Register;
- Collaborate with stakeholders for risk management, mitigation and remediation measures;
- Liaise with internal and external parties for IT GRC related audits and facilitate timely remediation of issues;
- Keep abreast of the dynamic cyber threat landscape and identify opportunities for enhancement of IT risk processes;
- Provide regular updates on the overall health of compliance, criticality assessment, audit findings, remediation and action plans.