IT Risk and Compliance Associate Manager

3 days ago


Singapore International Baccalaureate Full time

**Information Risk Management**
- Identify and evaluate IT risks and their potential impact, covering areas such as data protection, project management, security by design framework, data management, network and infrastructure, etc.
- Establishing and monitoring key risk indicators, as well as recommendation of corrective action plan to mitigate the risks
- Liaise with other IT system owners and Heads to understand risk exposure and address the identified risk and take appropriate risk treatment and mitigation plans
- Responsible for the IT departmental risk register; ensure regular reviews for business reporting of the status of identified risks and recommendations
- Independently review and regularly suggest ideas to enhance the risk dashboard and risk reporting, based on a strong understanding of business needs and technology risk requirements
- Manage a Governance, Risk and Compliance (GRC) tool that supports integration of IT risk and continuous real-time monitoring of cyber-security risk
- Be the main point of contact for relevant risk parties and professional services hired to assess risk exposure and vulnerability. Responsible for monitoring and following up on the completion of findings
- Responsible for creating, reviewing and maintaining IT policies, procedures and control assessments in response to identified risks
- Managing IT vendor security risk and relationships, via RFP (request for proposal) security assessment process, risk acceptance form process, and vendor renewal.
- Lead and conduct Phishing campaigns for all offices at least once yearly
- Undertake other duties as directed by line manager

**IT Audit and Assurance**
- Act as the primary contact for the IT Annual Audit Plan and coordinate with IT Heads and Business Leaders to ensure the audit goes smoothly
- Responsible for scoping all IT audits and assurance exercises; working with staff and audit teams to coordinate all fieldwork; reviewing, monitoring and finalizing all audit findings; and tracking and reporting on subsequent findings to measure the department's capability to address relevant audit findings within reasonable timeframes
- Build strong relationships with internal and external auditors and maintain open and responsive channels between IT, General Affairs and the respective internal audit teams
- Maintain IT Audit relevant documentation, that includes all types of compliance obligations and potential risks
- Review, recommend and manage audit and regulatory changes in IT
- Work with IT Heads to establish standard IT operational procedures (SOPs) as governed by audit and regulatory requirements. The SOPs should cover BAU operations, data centre operations and the software development lifecycle
- Work with the IT Project Management team to ensure the required IT project/software development SOPs comply with the regulatory framework and guidelines. Conduct internal audits/assessments to ensure conformance to SOPs
- Work with the IT Services Senior Manager and IT Heads to ensure IT BAU SOPs/IT Infra SOPs comply with the required standards and guidelines. Conduct internal audits/assessments to ensure conformance to SOPs
- Be the main point of contact for both internal and external auditors and professional services hired to assess IT risk exposures and vulnerabilities
- Responsible for compliance with local, national, and global audit policies and regulation
- Policy and regulatory documentation are reviewed and made available to the relevant stakeholders, as required

**Knowledge & Experience Requirements**
- Degree in IT, Computer Science, Engineering, Information Security or equivalent
- A current, recognized, professional security management certification (e.g., CRISC, CISA, CISM, CISSP) is desired.
- Prior working experience in IT, with at least 4 years of experience in Technology Risk Management (including cyber security) or technology audits
- Demonstrated hands-on experience in identifying, assessing, treating, monitoring, reporting and advising on technology risk management
- Good working knowledge of security risk management and security governance methodologies, industry security standards such as ISO27001/2, CIS Critical Controls, NIST Cybersecurity Framework, risk management tools, technical vulnerability management, security technologies and trends and security operations
- Good working knowledge of privacy and data protection laws and regulations (GDPR, PCI-DSS).
- Excellent organizational, problem solving, interpersonal and operating skills to effectively drive IT Risk agenda
- Strong communication skills at all levels - able to effectively communicate with IT/business management to drive IT risk mitigation initiatives and other IT risk management services
- Knowledge of Information Security, System Resiliency & Availability & Software development practices and frameworks preferred
- Ability to rapidly comprehend the functions and capabilities of new trends and technolo


