Role & Responsibilities
- Key point of contact for engagement on all technology audit and risk related requests.
- Facilitate the audit and risk management process involving key stakeholders, setting up the structure and routines, including performing quality checks on responses to key stakeholders relating to audit issues, risk treatments and remediation status.
- Assist management to establish, review and verify the IT reviews conducted by internal and external audit agencies to achieve efficiencies and to provide an effective course of action.
- Perform periodic compliance checks on IT applications within the Service Operations portfolio of applications to assess the overall state of compliance with prevailing policies, processes and standards that are relevant to Service Operations.
- Conduct assessment and testing of IT application controls to ensure ongoing adherence to prevailing cybersecurity policies, processes and standards, and to determine the operating effectiveness of the controls implemented.
- Identify opportunities for internal control improvement and standardization.
- Advise on improvements and assist in the development of measurable information and reports / dashboards to assure continued effectiveness of risk and compliance management actions and controls.
- Communicate with and assist management by providing relevant, timely and credible information to allow management to address identified IT risks and formulate appropriate risk treatment plans to meet business objectives.
- Provide regular reporting to relevant stakeholders, including senior management, on the overall state of governance, risk and compliance in Service Operations.
- Prepare and/or coordinate Monthly/Quarterly or any ad hoc Governance, Risk and Compliance meetings.
- Perform all other GRC duties as assigned by the Management.
Requirements
- Recognized Bachelor’s degree in computer science or equivalent in the related areas.
- At least 3 years of relevant experience in any of the following: IT security / governance / risk management / compliance / internal controls / process improvement / application development & support and/or similar functions.
- Experience in the design, implementation and management of IT programs and projects.
- Demonstrated analytical and problem solving skills, organizational and planning abilities.
- Possess good verbal and written English communication across all levels of personnel with proven ability to translate complex, technical subjects into clear and concise communications to a variety of key stakeholders.
- Proficient in Office Productivity Software Suite (e.g. Microsoft Excel, PowerPoint, Word, SharePoint, etc.).
- Ability to function effectively in a dynamic, fast-paced environment.
- Ability to work independently, take initiative and be an effective team player.
- Experience in healthcare industry or public sector IT programs and projects is an added advantage.
- Knowledge of various IT Standards and Control Frameworks such as the following is an added advantage:
  - COBIT
  - SANS Incident Management Process
  - PCI DSS
  - ISMS
  - OWASP
- Candidates possessing Technology or Risk Certifications such as CISA, CISSP, CISM, CRISC, CGEIT etc. would have an advantage.