IT Risk and Compliance Specialist

The position will sit within the Risk Management section of the IT Security Department and will report directly to IT Risk and Compliance Associate Manager. The role portfolio covers Singapore, US, Cardiff, Switzerland and the Netherlands.

The responsibilities of this position include supporting the development, implementation, and maintenance of IT policies and procedures, as well as conducting control assessments based on identified risks. The Analyst will be tasked with performing IT risk assessments and reviews to ensure compliance with regulatory requirements. Proactive identification of opportunities for enhancing IT governance processes is also a key aspect of this role.

**Responsibilities**
- Information Risk Management
- Work closely with Associate Manager to identify and evaluate IT risks with their potential impact which include areas such as data protection, project management, security by design framework, data management, network and infrastructure, etc.).
- Maintain and monitor key risk indicators, as well as recommendation of corrective action plan to mitigate the risks.
- Assist Associate Manager to understand any risk exposure, address the identified risk and take appropriate risk treatment and mitigation plans.
- Update IT departmental risk register and ensure regular reviews for business reporting of the status of identified risks and recommendations.
- Be the secondary point of contact for relevant risk parties and professional services hired to assess risk exposure and vulnerability.
- Monitor and update IT policies, procedures and control assessments in response to identified risks.
- Work with Associate Manager to conduct Phishing campaigns for all offices regularly.
- Undertake other duties as directed by Associate Manager.

2. IT Audit and Assurance
- Collaborate closely with Associate Manager to update the IT Annual Audit Plan and coordinate with IT Heads and Business Leaders to ensure effective and efficient audit.
- Assist the Associate Manager in scoping all IT Audits and compliance exercises, coordinating with staff and audit teams to provide required audit evidence.
- Review and monitor progress of remediation of audit findings.
- Maintain the audit findings tracker to identify the respective compliance obligations and risk, and track performance of the departments capability to address relevant audit findings within reasonable timeframes.
- Responsible for monitoring compliance with local, national, and global audit policies and regulations

**Requirements**:

- Degree in IT, Computer Science, Engineering, Information Security or equivalent.
- Prior working experience in IT, with at least 3 years of experience in Technology Risk Management (including cyber security) or technology audits.
- Demonstrated hands-on experience in identifying, assessing, treating, monitoring, reporting and advising on technology risk management.
- Good working knowledge of security risk management and security governance methodologies, industry security standards such as ISO27001/2, CIS Critical Controls, NIST Cybersecurity Framework, risk management tools, technical vulnerability management, security technologies and trends and security operations.
- Good working knowledge of privacy and data protection laws and regulations (GDPR, PCI-DSS).
- Good organizational, problem solving, interpersonal and operating skills.
- A current, recognized, professional security management certification (e.g., CRISC, CISA, CISM, CISSP) is desired.
- Good communication skills (both written and oral), able to work both independently and in a team-oriented collaborative environment.
- Self-motivated with the ability to carry out assigned tasks with minimum supervision.