IT Risk Manager
- Permanent, Full time
- Schroder Investment Management (Singapore) Ltd
- 27 Sep 16
This is a newly created position for which we are looking for expertise in Information Risk Management, with a strong understanding of the financial regulatory requirements, to support the APAC region.
The Information Security team provides thought leadership on managing the information security threats and vulnerabilities to Schroders' information assets. It is the centre of excellence for information security advice and drives all changes for the business related to IT Security. The team comprises various SMEs in IT Security, IT Risk, Access and Identity Management, and Information Risk Management. This role is to support the Information Risk Management function.
Overview of role
The position is responsible for performing risk assessments of our information systems, incorporating third party due diligence as appropriate. Crucial to the role is the effective articulation of risk treatments and recommendations to key stakeholders. The position is also expected to provide general consultancy to identify and prioritise security-related requirements, promote secure-by-default designs and facilitate the delivery of information security services. The ability to provide advice across multiple technologies while appreciating the wider regulatory and threat landscape is essential. The role demands strong stakeholder engagement skills with the talent to connect and communicate at all levels across the Group.
Candidate with a minimum of 5 years of relevant experience in:
- Expertise in Information Risk Management, with a strong understanding of the financial regulatory requirements in APAC (including, but not limited to, MAS TRM)
- Experience of information risk governance and an understanding of risk analysis, management techniques and methodologies.
- Experience of conducting risk assessments, architecture reviews, vulnerability assessments, and risk remediation strategies
- Experience conducting security due-diligence exercises on third parties, and for managing outsourcing contracts
- The ability to provide information risk consultancy across multiple technology disciplines while appreciating the regulatory and threat landscape.
- Knowledge and experience of the wider technology space, such as infrastructure, database, networks, web and cloud technologies and mobile device management.
- Strong stakeholder engagement and management skills, with the ability to connect and communicate at all levels across the Group, an integrator of people and processes.
- The ability to influence and drive change in a collaborative way.
- Demonstrate strong analytical skills with the capability to assess the information provided, and provide clear and appropriate direction.
- Experience of producing executive reports and risk metrics.
Qualifications / Key Competencies
- Professional information security or risk qualification/degree, e.g. CISSP, CRISC, CISA, CISM.
- Working knowledge of information security best practices (ISO 27001:2013, NIST Cyber Security framework etc.).
- Excellent communication and reporting skills, including the ability to simplify complex technical information into clear executable Business intelligence.
- Knowledge of current technological trends and developments in the area of information security and risk management.
- Good all-round knowledge of operating systems, database platforms, web technologies, and cloud solutions is highly desirable.
- Must be self-motivated, strive to produce high-quality work, and be a good team player. Should be able to identify areas that need attention, or have gaps, and be able to suggest and drive solutions.