THE ROLE
CLIENT: Energy trading firm
COVERAGE: Regional
SUMMARY
Oversee the control activities across the region and to ensure that our control framework is governing our business operation in a safe and compliant manner.
Identify weaknesses within the organization's IT processes and infrastructures and ensure that proper measures are implemented to minimize such risk. Ensure that an optimised set of business process maps are in place and our internal procedures are promptly updated to reflect the agreed framework.
Work closely with both commercial and functional teams, to provide solutions/ recommendations to improve the controls and drive efficiency through continuous improvement. Proactively look out for any breach of procedure by our staff and potential control gap that could create a material risk to our organisation.
Responsible for collating global Internal Control reporting information that is required by both internal management and external stakeholders.
THE ROLE
Ensure an appropriate and tailored IT risk framework is in place and aligned with the overall IC framework;
Proactively identify IT control gaps and work closely with IT team on the risk mitigations plan and documentation
Conduct reviews on the privilege ID usage, ETRM and Finance systems’ user access rights to ensure adherence to access controls standards
Provide support on IT risk and control type of initiatives, including new system implementation and significant system change projects to ensure that proper controls are considered and included at the design-phase
Ensure an optimised set of business process maps is in place and aligned with the system controls;
Lead and conduct IT related control gaps/incidents reviews, including root cause analysis, identification of mitigating controls, follow-up on the remediation actions
Proactively identify control and process improvement initiatives and drive continuous improvement in the organization
Provide internal control guidance and support to commercial and functional teams in managing the operational risks, and ensuring the quality and consistency of the internal procedures from an IC perspective
Coordinate the Operational Sign Off process for all new business activity/product and tracking action items signed off by relevant functions
Perform daily controls monitoring and review
Compile and prepare key risk indicator report on a monthly and ad-hoc basis
Ensuring consistency of IC approach across the whole company
Coordinate and ensure key company policies and procedures are updated annually and are aligned to our Parents’ Internal Control requirements;
Provide assistance to both internal and external audits, including J-Sox reporting, and ensure timely completion of all open actions.
REQUIREMENTS
Degree in Computer Science, Information Systems/Security, Business Management or its equivalent, with professional certification in security and controls
Minimum of 5 years relevant industry experience in risk and control management within IT or IT audit
Broad exposure to a range of diverse technology, security concepts, tools, and methodologies
Experienced in reviewing technology domains across infrastructure, applications, cyber security, cloud technology, IT governance processes
Experience in IT incident investigation and reporting
Experience in an energy/commodity trading environment, or related regulatory environment an advantage
Experience in Sarbanes-Oxley/J-Sox reporting preferred
Knowledge of Application Security frameworks and standards
Competent in the full suite of MS Office packages – specifically Word, Excel, Visio PowerPoint applications.
Competency in use of data analytics and visualization tools (e.g. Power BI, Python, SQL, ACL, Alteryx, Tableau) is a considerable advantage.
Knowledge of Allegro, SUN, CubeLogic, ZEMA and IMOS would be an advantage
