Lead Technology Risk Adviser
- Permanent, Full time
- NTUC Income Insurance Co-operative Ltd
You will be part of the Technology & Cyber Risk (TCR) team under the Information Technology Risk & Security (ITRS) department of Income. The TCR section is responsible for strategizing and overseeing TRM compliance tasks and projects, ensuring TRM controls and measures are implemented in a cost-effective manner to support Income's lines of business.
- Work under the supervision and guidance of the Technology & Cyber Risk Manager to identify, assess and manage information security vulnerabilities and risks in the IT environment, as well as from financial intelligence leads.
- Assess risks, evaluate for efficiencies and identify opportunities for improvement from people, process and technology perspectives.
- Work with business units to determine the controls necessary to remediate identified risks and vulnerabilities; negotiate dates for remediation to be completed.
- Ensure that identified risks are managed and tracked in accordance with the Risk Management program including all artifacts on risk assessment results.
- Assist in the development of appropriate information security policies, standards, procedures, checklists, and guidelines to meet the regulatory and organization requirements.
- Perform periodic due diligence on IT outsourced vendors, assess their residual risk and update the risk register.
- Provide oversight on account and application access administrative activities.
- Regularly review Systems & Database privileged users' activities.
- Obtain a good understanding of MAS Technology Risk Management (TRM) Guidelines, MAS Notices on Cyber Hygiene and Income's TRM Framework's risk processes and identify opportunities to enhance ITRS operational effectiveness.
- Cultivate working relationships across IT and business units, acting in an advisory capacity for various projects.
- Bachelor's Degree in Information Systems, Computer Science or Information Technology.
- Min 5 years in the IT security field with at least 2 years in IT risk management.
- CISSP, CISA or CRISC certification will be a plus.
- Experience with RCSA process of risk management.
- Strong interest in IT risk management and in keeping abreast of the dynamic threat landscape.
- Knowledge of common IT technologies (OS, databases, network devices, applications).
- Familiarity with one or more of the following areas: application security, OS system security, networking, mobile device security, cloud technologies (IaaS, SaaS environments, etc.), and web technologies.
- Familiarity with international standards and best practices such as ISO 27001 and OWASP.
- Familiar with IT Outsourcing processes.
- Strong communications skills to be able to interact with technical and non-technical colleagues.
- Detail oriented and analytical.