Tech Risk Governance (Senior Manager)

Job Title: Tech Risk Governance (Senior Manager)
Contract Type: Contract
Location: Malaysia
Start Date: ASAP
Reference: RS-TechRiskGSM
Contact Name: Ross Stubbs
Job Published: July 02, 2020 11:29

Job Description

Ross is looking for a Tech Risk Governance Senior Manager to work in Malaysia on a year's contract.


As a senior member of Technology Risk Governance, you will design, implement and execute an effective process to address and support audit and regulatory engagements at Group and BU level. 



- Working with GIA and BU TR teams, maintain oversight of on-going and upcoming audit/regulatory assessments supported or to be supported by the team.

- For Group level cybersecurity-related audits, represent Group Technology Risk (GTR) and manage all aspects of in-scope matters including planning, fieldwork, discussion/confirmation of findings etc.

- For local BU cybersecurity-related audits, represent Group Technology Risk to support and provide guidance to local BU TR team for GTR managed processes.

- Responsible and accountable for ensuring that all GTR information submitted to auditors or regulators is verified and factually accurate.

- Working with responsible GTR teams, be responsible and accountable for ensuring that all draft audit or regulatory findings on GTR processes are appropriately validated for factual accuracy before confirmation.

- Working with responsible GTR teams, ensure that the action plans defined address the root cause of findings, with the aim of avoiding a repeated finding.



- Degree in Computer Science or related discipline
- 10+ years’ experience in IT audit, preferably internal and within insurance business.
- Excellent written and verbal communication skills and the ability to escalate to management in a timely manner.
- Strong knowledge of Technology Risk Standards and Industry Standards frameworks such as ISO 27001 and NIST.
- Strong knowledge of regulatory requirements as related to Information Security and Technology Risk
- Familiarity with information security controls and technical knowledge in areas such as Infrastructure security, Application Security, Cyber Security, Identity and Access Management
- Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC) preferable.
- Staff management experience required.
- Occasional travel is required.


Communication requirements:

- Excellent command of written and spoken English
- Can present at C-level committees
- Cantonese/Mandarin are desirable.


PLEASE NOTE - Due to current conditions, the client is only looking to hire Malaysian nationals.