Assistant Vice President, IT Risk & Compliance

Singapore | Full-time | Posted 23 months ago
Negotiable
Job Purpose

You will be assuming an integral role in Group IT Risk and Compliance for Great Eastern to oversee the tasks and delivery of the function's responsibilities to manage risks and controls on a timely basis and support effective IT risk management processes across IT areas.

The Job

• Manage IT regulatory inspections and audit engagements with internal and external reviewers/auditors. Oversee the entire review lifecycle with reviewers/auditors during preparation, planning, fieldwork and reporting with adequate management responses, and ensure timely audit issue closure.
• Conduct compliance reviews and pre-audit activities on key IT processes and systems according to the annual plan or on an ad-hoc basis, identify gaps and provide recommendations for remediation.
• Manage Group IT self-assessment and key risk indicator review according to Group Risk Management and local RM&C requirements.
• Oversee the IT Risk Acceptance process, review details, conduct initial assessment, and drive processing and tracking of risk acceptance cases.
• Oversee the IT incident reporting process, review impact and root cause, and agree upon actions by IT Leads for reportable issues according to the GIT framework.
• Monitor the state of IT compliance with regulatory requirements and internal policies and provide timely management reports.
• Monitor changes in technology-related legislation and regulation that affect Group IT's risk management and compliance, and drive initiatives to address potential gaps if needed.
• Provide SME advisory to IT users and functions on regulation and compliance requirements, and conduct communication and awareness sessions if needed.
• Take accountability in considering business and regulatory compliance risks and take appropriate steps to mitigate the risks.
• Maintain awareness of industry trends on regulatory compliance, emerging threats and technologies in order to understand the risk and better safeguard the company.
• Highlight any potential concerns/risks and proactively share best risk management practices.

Our Requirements

• Degree in Computer Science or IT-related studies with at least 8 years of relevant working experience.
• Professional certifications in IT Risk/Control/Governance such as CISA, CISSP, CRISC etc. are an advantage.
• Knowledge of IT risk and controls frameworks, e.g. ISACA, ISO 27000 standards.
• Experience with MAS TRM governance and framework.
• Experience in communicating risk and control findings to key stakeholders, developing recommendations and providing accurate metrics and management reports.
• Team player with strong interpersonal skills, keen on developing collaborative relationships.
• Strong analytical skills to review and analyze data to identify and articulate key issues and propose solutions.
• A self-starter who always strives for excellence, innovative, with a service-oriented mindset and the initiative to improve processes.
• Good facilitation and presentation skills.
• High level of integrity, takes accountability for work and has a good attitude towards teamwork.
• Takes initiative to improve the current state of things and is adaptable to new changes.