Assistant IT Consultant

**Job no**: 498320
**Department**: Communications and InformationTechnology
**Contract type**: Contract
- Work on standards and framework, and to drive the implementation and organizational awareness to support IT Governance, Risk & Compliance (GRC) objectives
- Support initiatives to assess the adequacy and effectiveness of IT controls and policies, and direct remediation activities to ensure that compliance gaps are successfully addressed
- Manage and ensure IT policies and procedures up to date across the organization, working with the appropriate stakeholders
- Jointly monitor, track and review with Cyber Security team and other IT teams on all risk findings and assessments of IT initiatives.
- Develop, maintain, review and report on the IT Risk Register. Schedule and participate in periodic risk self-assessments and track remediation action plans.
- Front auditors, both internal and external, for audits directed at the IT Division or at business divisions where IT involvement is required.
- Detailed reporting on security risk issues and treatment plans to SIT management or statutory reporting to MOE
- Secretariat of various divisional meetings including IT Steering committee meeting
- Conduct internal control reviews to ensure processes are in place
- Drive continuous improvement based on expert knowledge in domain areas, industry best practices, established market standards and certifications, and business objectives

**Requirements**:

- Bachelor’s degree in Information Technology or Computer Science or related fields, with a minimum of 4 years experience in IT governance, audits and risk management
- Experience in ISO27001 compliance efforts and certification experience is highly desirable
- Good knowledge and experience with standards and frameworks like NIST, ISO27001, MTCS, and Personal Data Protection Act (PDPA) is essential; familiarity with Government IM and PCI-DSS
- Industry certifications like ITIL, COBIT, PMP, DRM/BCM, CISSP/CISA/CISM are desirable
- Possess excellent written and oral communication skills with the ability to present ideas and results to all levels of staff, including C-Level and Board executives
- Good analytical and problem-solving skills
- Have a positive attitude and excellent team player
- Work on standards and framework, and to drive the implementation and organizational awareness to support IT Governance, Risk & Compliance (GRC) objectives
- Support initiatives to assess the adequacy and effectiveness of IT controls and policies, and direct remediation activities to ensure that compliance gaps are successfully addressed
- Manage and ensure IT policies and procedures up to date across the organization, working with the appropriate stakeholders
- Jointly monitor, track and review with Cyber Security team and other IT teams on all risk findings and assessments of IT initiatives.
- Develop, maintain, review and report on the IT Risk Register. Schedule and participate in periodic risk self-assessments and track remediation action plans.
- Front auditors, both internal and external, for audits directed at the IT Division or at business divisions where IT involvement is required.
- Detailed reporting on security risk issues and treatment plans to SIT management or statutory reporting to MOE
- Secretariat of various divisional meetings including IT Steering committee meeting
- Conduct internal control reviews to ensure processes are in place
- Drive continuous improvement based on expert knowledge in domain areas, industry best practices, established market standards and certifications, and business objectives

**Requirements**:

- Bachelor’s degree in Information Technology or Computer Science or related fields, with a minimum of 4 years experience in IT governance, audits and risk management
- Experience in ISO27001 compliance efforts and certification experience is highly desirable
- Good knowledge and experience with standards and frameworks like NIST, ISO27001, MTCS, and Personal Data Protection Act (PDPA) is essential; familiarity with Government IM and PCI-DSS
- Industry certifications like ITIL, COBIT, PMP, DRM/BCM, CISSP/CISA/CISM are desirable
- Possess excellent written and oral communication skills with the ability to present ideas and results to all levels of staff, including C-Level and Board executives
- Good analytical and problem-solving skills
- Have a positive attitude and excellent team player