Risk Analyst

NTT is a leading global IT solutions and services organisation that brings together people, data and things to create a better and more sustainable future.

In today’s ‘iNTTerconnected’ world, connections matter more now than ever. By bringing together talented people, world-class technology partners and emerging innovators, we help our clients solve some of the world’s most significant technological, business and societal challenges.

With people at the heart of our success, NTT is committed to attracting and growing the best talent and providing an environment where everyone feels they can belong and their contribution matters.

**Want to be a part of our team?**
- Support the Region and Country management in the management, implementation, maintenance, monitoring & reporting of the Global Data Centers Singapore’s organisation’s Governance Risk and Compliance (GRC), Information Security management systems (ISMS), Internal audits, Certifications and external audits, and Data Privacy & Protection (DPP) requirements, activities and projects.
- Responsible for Global Data Centers Singapore’s certification audits
- Support Global, Regional & local cross-scope GRC, ISMS, DPP, Certifications & Audit activities and projects.
- To foster and champion a strong governance compliance culture and awareness through internal promotion and training activities.

**Working at NTT**

**Certifications & External Audits**
- Obtain, manage, maintain all relevant data center certifications & external non-customer audits (Example: ISO27001, PCIDSS, OSPAR, SOC1, SOC2, etc) for Global Data Centers Singapore entity.
- Support Singapore Data Center certification audits as audit focal point between auditees and auditors, and provide advisory on certification audit standards requirements, audit findings and mitigating actions.

**Internal Audits**
- Plan & conduct internal audits on Global Data Centers Singapore scope to evaluate the Singapore Data Centers organisation’s internal controls, and recommend and review audit corrective actions to closure.
- Maintain the local internal audit framework, policies, SOPs, templates, and internal audit programs for Global Data Centers Singapore.

**Governance Risk Compliance (GRC)**
- Implement and maintain the Singapore Global Data Centers’ GRC framework, standards, policies and procedures, and ensuring alignment with Group requirements
- Support Management in Enterprise Risk assessment & management, Incident management, reviews, key metrics reporting, audits and investigations for the Singapore Global Data Centers’ organisation.

**Information Security Management (ISMS)**
- Responsible for the management, implementation, maintenance of the Global Data Centers Singapore’s Info Security Management Systems, local info security policies, standards and procedures, and ensuring alignment with NTT Ltd Group requirements and applicable standards such as ISO27001 and OSPAR etc.
- Responsible for Info Security Risk management including info security risk assessments and monitoring, security incident management, key metrics performance monitoring and consolidation, and management reporting for Global Data Centers Singapore.
- Responsible for identifying, monitoring and advising Global Data Centers Singapore organisation of info security alerts, threats and vulnerabilities, and ensuring mitigating activity such as vulnerability management and patching is performed timely
- Perform info security investigations, inspections and compliance reviews, and support security related internal and external certification audits.

**Data Privacy & Protection (DPP)**
- Responsible for Global Data Centers Singapore’s DPP framework; regulatory, standards & policy compliance; DPP program adoption, implementation and maintenance; and DPP risk management
- Act as point of contact for all data privacy and protection matters, queries, issues, audits and advisory related to Global Data Centers Singapore organisation.
- Responsible to oversee, manage, and act as point of contact for data breaches/data privacy incidents relating to Global Data Centers Singapore

GlobalDataCentersCareers

**What will make you a good fit for the role?**

**_ Essential:_**
- Excellent degree in a related field
- 2 years’ work experience preferably in or related to Governance, Risk management, Compliance; Internal audit and/or Information security management and/or related functions (such as GRC, Enterprise risk management, Internal audit, IT audit, Information Security governance and IT risk management), and competency in standards certifications such as ISO27001/PCIDSS/OSPAR/SOC2.
- Strong understanding and familiarity on governance, risk management principles, internal controls and management systems, audit techniques and standards
- Excellent written, communication and presentation skills, including ability to interpret management system standards, explain concepts such as compliance requirements, risks and audit issues