IT Risk & Security
· Create, implement and maintain policies, standards and guidelines covering IT Risk & Security Management (particularly in technology risks and information security risks);
· Provide oversight on policies such as the IT Risk Management Framework, Key Risk Indicators, Security Operation, Audit Tracking, etc.;
· Advise business or IT stakeholders and project teams on IT risks and recommended controls, practices and design to mitigate the risks, including meeting compliance requirements.
· Plan and deliver communication and awareness sessions on IT risk and controls to IT or business stakeholders.
· Proactively identify risks and be responsible for the IT-BCP;
· Conduct regular reviews on security controls (e.g. access control & sanctions, architecture review, firewall/proxy rule set approval);
· Lead suitable information security awareness and training activities for users and the IT team.
· Lead all IT audit activities, including external (i.e. vendor) and internal assessments as well as all customer-related, regulatory, and regional-governance audit activities;
· Work closely and liaise with internal IT auditors or regulators.
· Perform Security Incident Management & Event Log Management;
· Drive all IT Security-related programs or projects.
· Work closely with information system owners and technical members to secure information and mitigate the risks;
· A Bachelor's Degree or higher in a Business-related discipline or Information Technology;
· CISM, CISSP or other related certification would be preferred
· At least 7 years of working experience in managing IT Security and IT Risk;
· Good experience in IT Security/Risk management processes, framework, policies, standards and guidelines;
· Results-oriented, with good project management skills and able to multi-task and operate within stipulated deadlines
· Ability to communicate effectively with all levels of staff and across various organizational levels
· Ability to present proposals and answer questions with confidence and presence
· Ability to think logically and act tactically with a strong sense of responsibility
· Proven technical aptitude and understanding of the interconnection between IT systems
· Knowledge of legislative (e.g. data privacy) and regulatory (e.g. financial regulatory) requirements would be preferred
· Knowledge of the insurance industry would be preferred
· Business level English