Manager & Senior Consultant (Governance, Risk & Compliance)

Job Summary and Mission This position contributes to the success of wizlynx group by performing the following: Oversee day-to-day GRC Teams' operation that include Singapore, Malaysia and Hong Kong during Asia-Pacific time zone Develop, drive and own Information Security Governance, Risk and Compliance practice Responsible for the business development and presales activities Meet clients to pitch GRC services alongside with Sales Responsible for the examination and analysis of internal controls and business risks by performing IT audit work, developing audit scope, procedures, and preparing audit reports for clients Lead and responsible for development and operational activities across the entire scope of our clients Security Governance, Risk and Compliance programs. The job encompasses leading and participating in the assessment of security, risks, and control effectiveness for applications, infrastructure, and technology projects. This consultant will identify, classify, and document control issues in our client's computing environment by documenting assessment results, recommending corrective action, tracking remediation, evaluating policy and control standard exceptions, and regularly reporting to our clients IT management. Serve as the primary contact point for issue escalation for GRC services Manage service support requirements and ensure that quality plan, KPIs/SLAs are met Draft support SOP and documentation Model and act in accordance with wizlynx group guiding principles Summary of Key Responsibilities Responsibilities may include the following, but are not limited to: Lead IT control assessments for our clients to ensure effective IT controls are in place to meet operational and compliance requirements Work with our clients' IT, Internal Audit, Compliance and other key stakeholders to create an IT GRC strategy that complies with professional standards and addresses the IT risks inherent in our client's operations and industry Perform ongoing logical access reviews and recommend updates to access control privileges to ensure proper Segregation of Duties based on user access reviews Effectively report and communicate testing results to client's IT management for corrective action, where required Proactively identify other areas of business initiatives and changes in the business environment and assess their impact on the business control environment Conduct information security awareness training Perform evidence collection and project management assistance of our clients annual compliance (e.g. ISO 27001) certification program Track and monitor risk exceptions to ensure control deviations are identified and mitigating controls are in place Assist our clients with drafting and maintaining information security policies Provide mentoring for other team members Demonstrate excellent project management skills, inspire teamwork and responsibility with engagement team members, and use current technology/tools to enhance the effectiveness of deliverables and services Facilitate the performance and testing of our client's annual disaster recovery tests and business continuity plans Summary of Ideal Experience, Skills, Knowledge, and Abilities A minimum of five years of experience in information security audit or in a technology-related audit or compliance field, and strong knowledge base in operations, enterprise networking, system evaluation/architecture and consulting experience preferred Ideal Experience A minimum of five years of experience in information security or in a technology-related field, and strong knowledge base in operations, enterprise networking, system evaluation/architecture and consulting experience preferred Strong understanding of and ability to provide security configuration and testing of networking and operating systems, including Cloud architecture, and a wide array of large-scale environments including various major web application servers Strong understanding of information security principles such as ISO 27001, CSA Cyber Security Code of Practice, Secure-by-Design, MAS TRM Guidelines, HKMA CRAF PDPA are desirable Knowledge in NIST Cyber Security framework or CIS Controls will be desirable Sound knowledge of internal control concepts and auditing techniques Strong analytical and report writing skills Good appreciation of fundamental accounting knowledge and/or audit knowledge and financial controls Language Skills Fluent technical English (speech and writing)Ability to communicate clearly and concisely, both orally and in writing, in local language Soft Skills Excellent team leadership, team-oriented and team player who takes ownership Flexible attitude, reliable, action-oriented Customer-friendly approach and appearance Willingness to travel Innovative to push new ideas, dynamic and forward-looking with clear management principle towards the team Able to work independently, critical thinking and be able to communicate effectively with the support team and customers Enjoys working in global team with different cultures Technical Skills and Abilities Microsoft OS and Office knowledge Technical document writing Experience in Project Management in IT Knowledge in perimeter firewall infrastructure and VPN remote access Summary of Education Bachelor's degree from an accredited college/university in an appropriate field Certifications / Training CISM, CISA, CRISC, CISSP certified ISO 27001 Lead Auditor certification is preferred KEY PERFORMANCE INDICATORS / MEASURES OF SUCCESS Achieve agreed targets/SLA/KPI in terms of quality, time and cost Lead team members to achieve team/organizational goals Improve and retain high customer satisfaction POTENTIAL CAREER DEVELOPMENT Advance to higher business development tiers or geographic reach APPLY NOW Your Full Name Your Email Upload Resume Your Full Name Your Email Upload Resume I grant wizlynx group my consent to the processing of my personal information for the job application purposes #J-18808-Ljbffr