IT Governance, Risk and Compliance Specialist

15 hours ago


Singapore Climate Impact X Full time

**Trusted carbon credits. Real impact.**
Climate Impact X (CIX) is a Singapore-based global carbon exchange and marketplace that aims to scale the voluntary carbon market through a joint venture by DBS, SGX, Standard Chartered and Temasek.

CIX offers distinct platforms and products that cater to the needs of different carbon credit buyers and sellers. The Exchange facilitates the sale of large-scale high-quality carbon credits through standardised contracts - catering primarily to MNCs and institutional investors. The Project Marketplace and Auction offer a curated selection of NCS projects that can meet corporate sustainability objectives. Each project on the Project Marketplace and Auction is supported by transparent impact, risk and pricing data.

We are looking for dynamic, highly-motivated and passionate individuals willing to work and learn in a fast-paced environment to be part of this exciting journey to deliver tangible and lasting impact.

**Roles and Key Responsibilities**

CIX is looking for an **IT Governance, Risk & Compliance specialist** who will be responsible for developing and driving effective IT security compliance programs involving compliance management, vendor management, audit management, IT risk management, policy management, technical awareness and training. The individual will report directly to the Chief Technology Officer.

**IT Governance, Risk & Compliance specialist**

Key responsibilities:

- IT Governance, Risk & Compliance (GRC) controls
- IT Disaster Recovery
- Business Continuity
- New Data Governance initiatives
- Jointly monitor, track and review with Cyber Security team and other IT teams (vendors) on all risk findings and assessments of IT initiatives
- Collaborate with Business Operations and Support services to ensure the policies are agreed, executed, and assessed in a timely manner
- Ensure that all types of risks are identified, understood, communicated, and remediated
- To assist in evaluating overall security posture and aligning with defined risk objectives
- Conduct periodic awareness meetings / trainings to educate other teams wherever necessary, so that risks are well understood and teams stay vigilant at all times
- Schedule and participate in periodic risk self-assessments and track remediation action plans.
- Front auditors, both internal and external, for audits directed at the IT Division or at business divisions where IT involvement is required.
- Detailed reporting on security risk issues and treatment plans to management
- Working on new policies and standards for new Data Governance covering data security classification, handling, storage, retention, and disposal
- Implement appropriate measures to minimize or eliminate the impact that security-related threats and vulnerabilities might have on the organization
- Generate reports/dashboards and report the level of potential, inherent and residual risks, and the effectiveness of controls, to help business and IT teams understand threats and vulnerabilities and make risk-based decisions
- Review and assist IT team deliverables to ensure all checks are taken care of before production deployment
- Advise management on vendor overall performance, adherence to service levels, contractual compliance, risks, and new service offerings
- Collaborate within all areas of IT to ensure that suppliers are effectively handled, and contracts are fully leveraged
- Support business operations and head of technology in accomplishing Business Continuity Planning, review the outcome, flag any risks and track to completion

**Experience**
- Bachelor's degree in business, information systems or computer science or equivalent experience
- 5 years of experience in an information security role, preferably compliance/audit/control or related experiences
- Overall 12+ years of professional experience in IT, security, project management, stakeholder management
- Must have 2+ years of experience in Cloud governance, audit, and risk management with cloud providers like AWS and Azure
- Experience in ISO27001, TRM and/or SOC compliance efforts and certification experience
- Good knowledge and experience with standards and frameworks like NIST, ISO27001, CIS, CSA, MTCS, and Personal Data Protection Act (PDPA) is essential; familiarity with Government IM and PCI-DSS
- Industry certifications like ITIL, COBIT, PMP, DRM/BCM, CISSP/CISA/CISM are desirable
- Industry certifications such as AWS Certified Security - Specialty or equivalent will be an added advantage
- Ability to work independently, under pressure and respond to tight deadlines
- Analytical skills to resolve business continuity issues, prioritize workloads, resolve difficult problems, and provide technical leadership and direction
- Proactive and consistently show initiative, solution-oriented

CIX is an equal opportunity employer committed to diversity and inclusion.


