We have an excellent career opportunity to expand your technical expertise in Information Technology Risk and Security domain with an established organization.
You will be responsible for creating and implementing policies and guidelines to protect the business against cyber threats and other technological risks, as well as spreading awareness to promote a secure system throughout the business.
Degree in Computer Science, Computer Engineering or Information System;
At least 10 years of experience in the area of Technology Risk Management, IT Audit and Cyber Security;
Exposure to Information Technology Risk Management assessment, processes, framework, policies and standards;
Familiar with industrial security standards and practices such as NIST, SANS, ISO 27001/2, COBIT;
Good knowledge on technology risk management for IT infrastructure, application development and data loss prevention;
Strong experience in IT audit, internal controls and IT security controls;
Familiar with industry standard Regulatory Requirements for Technology Risk and Cyber Security;
Experienced in managing multiple stakeholders in order to promote security policies and standards;
Excellent communication, presentation, and advisory skills;
Up to date knowledge on the latest security threats and new technologies.
CRISC, CISA, CISSP Certification.
Design and promote Technology Risk Management frameworks, policies, standards and guidelines towards pro-active, data-driven and more anticipatory approach;
Lead and drive the transformation of Risk Management by identifying opportunities to automate, conduct technical feasibility and implement projects and enhancements as well as adoption of new and emerging technologies;
Provide advice on appropriate security measures and safeguards for different technologies across the business;
Develop risk analytics model, conduct risk assessment and provide insights on the current stage and suggest areas of improvement;
Propose and maintain risk metrics including dashboards and risk reporting;
Co-ordinate and conduct IT asset reviews, risks assessments and reviews to identify any cyber risks;
Assist in driving the Technology Risk Management road map to promote awareness on technology risk, cyber security to multiple stakeholders;
Analyse risk assessments results and develop effective plan to mitigate and treat risks;
Able to present the risk assessment in layman and business terms to the senior management and C-level executives.