IT Risk & Compliance Officer - Governance operations & processes

5 - 7 years

7 - 10 Lacs

Posted: 2 weeks ago | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

Policies and standards and report risks from the same.
  • Build and manage controls framework based on NIST CSF, SOX, PCI-DSS.
  • Collaborate with control owners to deliberate and get alignment on control requirements.
  • Work with senior stakeholders across various departments and business units to seek their alignment on the approach and methodology for the NIST CSF based Cyber Maturity assessment lifecycle.
  • Manage end-to-end assessment lifecycle stages like framework certification, kickoff, and pre-assessment chores for internal and external assessment methodologies, and manage reporting end to end, both at control owner level and executive level.
  • Evaluate and provide strong guidance on product or service security issue remediation plans, validate fixes from a risk reduction perspective, perform peer testing on product or application fixes, and liaise with Engineering and Technology teams for the right level of remediation.
  • Build and apply knowledge of internal controls, systems and process landscape to enable clear understanding of impact from IT issues and identify risks to be updated in the cyber risk register.
  • Provide in-house consulting as SME to strategic programs.
  • Stay flexible to meet the dynamic business needs, while maintaining robust solutions that strengthen the control environment.
  • Be able to split large tasks into logical, manageable and decoupled actions which are managed effectively and delivered on time.
  • At least 5-7 years of relevant experience in GRC processes is mandatory. Candidates from product firms are preferred.

Communication

Type, available options: Cooperation, Persuasion, Information
Frequency, available options: Continuous (daily or a number of times a day), Frequent (about once a week), Occasionally (once or twice a month or less)

Stakeholder: Tech business function and other business units
Type: Cooperation
Frequency: Continuous
  • Partner with risk owners by providing guidance and support in designing and implementing appropriate controls to strengthen the control environment, mitigate the company risks and support the business in achieving objectives.
  • Identify control gaps, based on identified risks.
  • Facilitate and participate in cross functional groups to implement or enhance controls in cross functional processes.
  • Support risk owners in standardizing & improving process and controls documentation.
  • Support business functions and units in ongoing compliance with SOX, PCI, GDPR and other control areas.
  • Conduct risk assessments and document the outcome and action plans.

Stakeholder: Compliance, Monitoring and Assurance
Type: Information
Frequency: Frequent
  • Inform of new IT control implementations for tracking and reporting.

Stakeholder: Risk Governance & Projects
Type: Information
Frequency: Frequent
  • Report the outcome of assessments for risk monitoring and reporting.

Stakeholder: Subject Matter Experts (SMEs) e.g. Security, Fraud, Privacy, Legal, etc.
Type: Cooperation
Frequency: Frequent
  • Obtain guidance and support for the implementation of IT controls in different regulatory domains.

Stakeholder: Internal & External audit
Type: Cooperation
Frequency: Frequent
  • Support Internal and External audit engagements to ensure that remediation plans are implemented on a timely basis for any deficiencies found.
  • Support SOX and PCI audit cycles.

Knowledge and skills

Level of Education: Bachelor degree
Available options: Not required, Specialized Diploma, Bachelor degree, Master degree, PhD

Years of relevant Job Knowledge: Broad Job Knowledge (3 - 5 years)
Available options: Limited Job Knowledge (0 - 1 year), Basic Job Knowledge (1 - 3 years), Broad Job Knowledge (3 - 5 years), Advanced Knowledge (5 - 8 years), Extensive Knowledge (8 - 12 years), Substantial Knowledge (12 + years)

Requirements of special knowledge/skills

  • Work experience in business analysis, auditing, corporate governance, risk management or internal controls
  • Knowledge of control frameworks such as NIST, PCI-DSS, SOX, SWIFT etc.
  • Hands-on experience in risk operational processes
  • Ability to develop solid relationships with business partners in order to drive the adoption of the risk management culture.
  • Hands-on experience with large e-commerce or tech companies preferable, especially within the first line of defense
  • Strong knowledge and work experience in Technology Risk domains (Cybersecurity, Privacy, Third party, Fraud, Trust & Safety)
  • Thorough technical understanding of internal control requirements and design and experience in applying them in various businesses
  • Able to translate regulatory and risk-related functional and technical requirements for engineering teams to develop secure products, services and solutions.
  • Able to split large tasks into logical, manageable and decoupled actions which are managed effectively and delivered on time.
  • Be flexible and agile in response to changes in the business, in stakeholder expectations and/or in the regulatory/operating environment of B.com.
  • Strong independent contributor, while still a strong team player
  • Previous experience in software development or software engineering is a plus
  • Strong communication skills; fully comfortable working in English, both written and spoken.

      Booking Holdings

      Travel & Tourism

      Norwalk
