Information Technology Security Manager
Salary undisclosed
ROLES & RESPONSIBILITIES:
Risk Assessments, Audit and Regulatory Management
- Facilitate technology-related audit engagements with the internal auditor, statutory auditor and regulator, following up with relevant parties to ensure all issues identified are remediated.
- Drive annual IT risk and control self-assessment exercises according to MAS regulatory notices/guidelines, internal enterprise IT policies, and standards.
- Coordinate independent reviews of the entities’ compliance against various info sec and technology risk regulations such as MAS TRM Guidelines, MAS 132 Notice on Cyber Hygiene and MAS 127 Notice
- Support the divisions’ risk and controls assessment exercises, and the quarterly assessments of internal controls for financial reporting.
- Support the assurance initiatives under the First Line of Defense to uplift the technology and cyber controls' landscape for the Company.
Information Security & Technology Risk Metrics
- Support the alignment of various information security and technology risk metrics for management reporting and issue.
- Review and assess collated metrics and material for consistency checks and trends.
Policy, Standards and Exception Management
- Communicate material changes to internal policies/standards to partners. Facilitate risk evaluations and exception handling for deviations from the policies, standards and regulatory requirements.
Risk & Compliance Initiatives
- Assist in enterprise-wide risk and compliance coordination for the Technology division, where applicable.
This is an individual contributor role, with opportunities for lateral development within the function.
REQUIREMENTS:
Experience
- 5-6 years of relevant work experience, including at least 3 years in IT audit, risk management, compliance and/or governance roles, with particular expertise and knowledge of governance reporting of technology risk issues and cybersecurity.
- Extensive working experience in the financial industry, big tech firms or established auditing firms will be considered favorably.
- Experience with and exposure to information security standards such as ISO 27001, SOC 2 or PCI DSS will be an advantage.
Certifications/licenses
- Preferably a holder of one or more of the following information security and audit qualifications: Security+, CEH.
- Candidates with advanced-level qualifications such as CISSP, CISA, CRISC, CCSP will have an added advantage.