Job
Description
Role : IT Risk & Control Specialist Responsibilities The candidate will be responsible for: Conduct technology risk assessments/audits, identify potential gaps, create action plans and recommendations for mitigation. Track the actions until completion, and ensure that senior management / committees within the region are kept up-to-date on the progress. Provide consultative guidance on the prioritization of remediation efforts. Coordinate IT requests from regulators, obtaining responses from stakeholders. Coordinate the issue and exception/acceptance processes, including self-reported issues. Support the assigned team in gathering information and preparing for all tech risk related reporting and meetings, i.e., internal and external audit, regulatory interaction, etc. Stay knowledgeable of laws, rules, regulations and current advances in all areas of information technology concerning APAC. Continually improve the quality of the risk management – through evaluation of cybersecurity, vulnerabilities, business continuity, outsourcing and other technology risks. Evaluate policies, standards, processes and procedures for completeness and recommend enhancements. Work with regional and global teams to understand / influence risk framework, represent regional needs and help resolve challenges. Qualifications At least 3 to 5 years of experience in IT Risk, Compliance, Audit and/or InfoSec. Experience in performing IT Audit and reviewing IT controls, framework, policies and standards. Experience in understanding design and operating effectiveness of IT controls and industry related frameworks. Significant knowledge in 2 or more areas: Application Security, IT Governance, IT Compliance & Audit, Identity & Access Management, Cloud Security, Asset Security, Threat/Vulnerability Management, BCM & DR Has a good understanding of international standards on Technology Risk Management. Excellent time management and ability to oversee multiple processes, action plans and key stakeholders simultaneously. Drive to execute and ability to solve challenges independently as well as drive initiatives to completion. Excellent stakeholder management, communication (verbal and written), presentation and advisory skills. Desired skill-set: IT Audit experience Information risk and/or security qualification (CISA, CISSP, CRISC, CISM, CCSP or equivalent preferred) Knowledge of ISO, NIST CSF, COBIT, COSO, SOX, SOC, etc. Show more Show less
