IT Risk & Security Officer (Manager)
- Create, implement and maintain policies, standards and guidelines covering IT Risk & Security Management (particularly in technology risks and information security risks);
- Provide oversight on policies such as the IT Risk Management Framework, Key Risk Indicators, Security Operation, Audit Tracking, etc.;
- Advise business or IT stakeholders and project teams on IT risks and recommended controls, practices and design to mitigate the risks, including meeting compliance requirements.
- Plan and deliver communication and awareness sessions on IT risk and controls to IT or business stakeholders.
- Proactively identify risks and be responsible for the IT-BCP;
- Conduct regular reviews on security controls (e.g. access control & sanctions, architecture review, firewall/proxy rule set approval);
- Ensure all quality processes continue to operate effectively.
- Lead suitable information security awareness and training activities for users and the IT team.
- Lead all IT audit activities, including external (i.e. vendor) and internal assessments as well as all customer-related, regulatory, and regional-governance audit activities;
- Work closely and liaise with internal IT auditors or the regulator.
- Perform Security Incident Management & Event Log Management;
- Conduct Vulnerability & Threat Management reviews and supervise Penetration Testing as required;
- Drive all IT Security related programs or projects.
- Initiate, facilitate, and promote ongoing education activities to create IT security and incident response awareness for all staff;
- Coordinate the project plans for IT Security related activities, monitor, track and escalate as required;
- Work closely with information system owners and technical members to secure information and mitigate the risks;
- Any other tasks as assigned by Superior
- Degree in Computer Science or Information Technology
- CISM, CISSP or other related certification would be preferred
Skills / Experiences
- At least 3 years of working experience in managing IT Security and IT Risk;
- Good experience in IT Security/Risk management processes, framework, policies, standards and guidelines;
- Result-oriented, with good project management skills and able to multi-task and operate within stipulated deadlines
- Ability to communicate effectively with all levels of staff and across various organizational levels
- Ability to present proposals and answer questions with confidence and presence
- Ability to think logically and act tactically with a strong sense of responsibility
- Proven technical aptitude and understanding of interconnections between IT systems
- Knowledge of legislative (e.g. data privacy) and regulatory (e.g. financial regulatory) requirements would be preferred
- Knowledge of the insurance industry would be preferred
- Business level English