Tech Risk Governance (Senior Manager)

Ross is looking for a Tech Risk Governance Senior Manager to work in Malaysia on a year's contract.

As a senior member of Technology Risk Governance, you will design, implement and execute an effective process to address and support audit and regulatory engagements at Group and BU level. 

Responsibilities:

- Working with GIA and BU TR teams, maintain oversight of on-going and upcoming audit/regulatory assessments supported or to be supported by the team.

- For Group level cybersecurity-related audits, represent Group Technology Risk (GTR) and manage all aspects of in-scope matters including planning, fieldwork, discussion/confirmation of findings etc.

- For local BU cybersecurity-related audits, represent Group Technology Risk to support and provide guidance to local BU TR team for GTR managed processes.

- Responsible and accountable for ensuring that all GTR information submitted to auditors or regulators are verified and are factually accurate.

- Working with responsible GTR teams, be responsible and accountable for ensuring that all draft audit or regulatory findings on GTR processes are appropriately validated for factual accuracy before confirmation.

- Working with responsible GTR teams, ensure action plans defined addresses root cause of findings with the aim of avoiding a repeated finding. 

Requirements:

- Degree in Computer Science or related discipline
- 10+ years’ experience in IT audit, preferably internal and within insurance business.
- Excellent written and verbal communication skills and ability to escalate timely to management.
- Strong knowledge of Technology Risk Standards and Industry Standards frameworks such as ISO 27001 and NIST.
- Strong knowledge of regulatory requirements as related to Information Security and Technology Risk
- Familiarity with information security controls and technical knowledge in areas such as Infrastructure security, Application Security, Cyber Security, Identity and Access Management
- Certified Information System Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC) preferable.
- Staff management experience required.
- Occasional travel is required.

Communication requirements:

- Excellent command of written and spoken English
- Can present at C level committees
- Cantonese/Mandarin are desirable.

PLEASE NOTE - Due to current conditions, the client is only looking to hire Malaysian nationals.