IT Risk and Governance

Job Description

IT Risk and Governance Selected candidate to support our client, APAC based Investment bank, in IT risk and governance profile. JOB SUMMARY: The client is seeking an experienced and proactive 1st line Risk and Governance candidate. The successful candidate will play a crucial role in Client’s Regional team in driving 1st line IT risk management, and Identity Access Management activities for all business units. KEY RESPONSIBILITIES Drive 1st line IT risk management activities regionally through annual RCSA review, user security awareness campaigns, key risk indicator (KRI) metric reporting, IT issue management, IT dispensation and support management in different steering committee or risk reporting forums. Support client’s compliances to APAC regulatory requirement on Technology Risk Management and Cyber Security through various governance activities. Management and support for Identity Access Management related projects, operations, risk, and compliance activities. Work with Group Information Security team to ensure alignment of local country security controls with regional and group policy/standard/guideline. Manage all internal/external audits and regulatory inspections for Singapore and provide advisory on IT RFIs for Country LBUs. Provide support to third party security risk assessment associated with third party vendors and clients. Work closely with stakeholders from business, IT, 2nd line enterprise/operation risk, and group/external 3rd line auditor to ensure effective security controls in place. EXPERIENCE / QUALIFICATIONS 5-10 years working experiences in information security and/or IT Risk areas, preferably within financial institution, or from consulting firm. Proficiency and in-depth knowledge and experience in identity and access management. Knowledge and experience in IT risk management and an understanding of regulatory requirements particularly in the following domains: security risk management, change management, data leakage prevention, application security, cloud security, vulnerability management, security monitoring, security incident response and 3rd Party Security Risk. A plus to have knowledge on Privacy (PDPA) Ordinance/requirement of APAC countries. Can work independently with ownership and able to work with multiple IT stakeholders/leaders, 2nd line (OPS risk) and 3rd line (IT Audit) stakeholders. Either one or more of below IT security certificates CISSP, CISA, CISM, CCSP OTHER TRAITS Possess excellent communication skills, with the ability to effectively convey messages to diverse stakeholders effectively at all levels in different geographies. Can effectively navigate through a complex environment undergoing change and managing internal and external stakeholders to resolve issues with objectives aligned. Ability to deliver work within tight timescales, to budget and to a high quality. Exhibit proactiveness in identifying, articulating, and remediating gaps and issues.