Role: IT Risk Management Officer
IT Risk Management is a regional function in Asia responsible for technology risk governance and management. This function works in close collaboration across IT to foster strong risk culture and awareness. Primary responsibilities include risk management activities with the aim of continuously strengthening IT operational/security posture and providing risk transparency to our management.
Service Offering
• Support the rollout of IT risk management strategy, framework and standard(s) in Asia
• Manage day to day IT Risk management activities in Asia including:
o Maintenance of the central risk register
o Tracking of risk mitigation plans and
o Follow up on risk remediation and/or mitigation plans
• Responsible for preparation of risk reporting to IT Risk Management Forum as well as Operational Risk Committees in Singapore and Hong Kong.
• Perform regulatory (MAS and HKMA) and security related assessments, review technical control effectiveness, identify gaps and follow up on actions
• Perform and execute internal control plans
• Review application security concept design as part of project implementations
• Work with external and internal audit to facilitate fieldwork and tracking of IT related audit items
• Handle routine security related tasks e.g. password management, review of requests
• Drive a positive risk culture through training, communication and collaboration
• Prepare materials for periodic IT Risk Awareness trainings
KEY FEATURES OF THE POSITION
IT Risk Management
• Maintain the central risk register for Asia
• Support and assist risk owners to develop risk mitigation/remediation strategies for High, Medium and Low risk items
• Maintain oversight of risk mitigation/remediation plans of High, Medium and Low risk items
• Work closely with IT Project Managers to identify, mitigate and treat residual risks arising from projects
• Collaborate with Information Security function to support implementation and/or mitigation of Cyber risks
• Prepare risk reporting materials to be presented at IT Risk Management Forum and Operational Risk Committees
• Perform internal control validations and highlight exceptions for remediation
• Track, monitor and report on status of controls
• Provide IT risk awareness trainings
• Support IT teams in responding to external and internal audit queries. Review audit reports and provide audit responses
• Track audit remediation plans to ensure timely and proper closure of IT audit points
Client Management (internal & external)
• Various IT functions, both regionally and globally
• Operational risk (CRO)
• Local Legal and Compliance functions
Business Management
• Key local stakeholders include IT Service Owners, IT Infrastructure, IT Application Managers, IT Architecture and Project Managers
• CRO functions – including Business Operational Risk, Information Security and Compliance functions
• Global functions – IT Risk Management, Information Security.
If you are keen to explore the above role, please send your updated resume to [email protected] and we can discuss how to proceed further.
EA Personnel Registration Number: R1112410
Singapore Employment Agency Licence No: 11C3373