Tech Risk Governance (Senior Manager)
|Job Title:||Tech Risk Governance (Senior Manager)|
|Contact Name:||Ross Stubbs|
|Job Published:||July 02, 2020 11:29|
Ross is looking for a Tech Risk Governance Senior Manager to work in Malaysia on a year's contract.
As a senior member of Technology Risk Governance, you will design, implement and execute an effective process to address and support audit and regulatory engagements at Group and BU level.
- Working with GIA and BU TR teams, maintain oversight of on-going and upcoming audit/regulatory assessments supported or to be supported by the team.
- For Group level cybersecurity-related audits, represent Group Technology Risk (GTR) and manage all aspects of in-scope matters including planning, fieldwork, discussion/confirmation of findings etc.
- For local BU cybersecurity-related audits, represent Group Technology Risk to support and provide guidance to local BU TR team for GTR managed processes.
- Responsible and accountable for ensuring that all GTR information submitted to auditors or regulators are verified and are factually accurate.
- Working with responsible GTR teams, be responsible and accountable for ensuring that all draft audit or regulatory findings on GTR processes are appropriately validated for factual accuracy before confirmation.
- Working with responsible GTR teams, ensure action plans defined addresses root cause of findings with the aim of avoiding a repeated finding.
- Degree in Computer Science or related discipline
- 10+ years’ experience in IT audit, preferably internal and within insurance business.
- Excellent written and verbal communication skills and ability to escalate timely to management.
- Strong knowledge of Technology Risk Standards and Industry Standards frameworks such as ISO 27001 and NIST.
- Strong knowledge of regulatory requirements as related to Information Security and Technology Risk
- Familiarity with information security controls and technical knowledge in areas such as Infrastructure security, Application Security, Cyber Security, Identity and Access Management
- Certified Information System Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC) preferable.
- Staff management experience required.
- Occasional travel is required.
- Excellent command of written and spoken English
- Can present at C level committees
- Cantonese/Mandarin are desirable.
PLEASE NOTE - Due to current conditions, the client is only looking to hire Malaysian nationals.