An excellent opportunity be part of the Technology and Cyber risk (TCR) team of an established company within the Financial Sector.
- Degree in Information Technology, Information Systems or Computer Science;
- 5 to 8 years of experience in IT Risk Management, TRM and IT GRC related functions;
- Knowledgeable in technology risk methodologies, IT Security and cyber defence technologies;
- Good knowledge of enterprise IT systems and components (applications, operating systems, databases, networks, cloud, DevOps);
- Familiar with SDLC and Risk Control Self Assessment (RSCA) processes;
- Well-verse with MAS regulations (TRM, Outsourcing and ABS guidelines) and industry standards like ISO 27001, NIST, OWASP;
- Strong in analytical thinking with attention to detail;
- Excellent communication and inter personal skills.
- Professional Certifications like CISSP, CISA, CRISC, CGEIT;
- Prior experience in the financial sector.
- Contribute to the assessment , identification and mitigation of IT risks by leveraging knowledge and skills in technology;
- Assess the IT risks, evaluate efficiencies and manage the risk mitigation plans in accordance with the organization’s Risk Management Framework;
- Collaborate with business units (BU) and formulate appropriate IT controls in accordance with MAS TRM (Technology Risk Management) guidelines;
- Employ RCSA (Risk Control Self- Assessment) process to validate the control designs for their operational effectiveness;
- Identify new risk factors, key risk indicators (KRI) and metrics to be incorporated into the GRC (Governance, Risk management and Compliance) system;
- Perform due diligence on IT outsourced vendors and key IT service providers to ensure the implementation of IT controls and processes;
- Support internal and external technology related audits;
- Keep abreast of the latest developments in TRM and identify opportunities to increase IT operational effectiveness.