Specialist, Technology Governance and Control (APAC)
We made risk management agile. We believe that unrestricted collaboration and continuous conscious reprioritization are key to effective execution, so we took an innovative approach to risk management applied agile practices to manage our daily work.
This role will be responsible for defining, documenting and communicating standardized and proactive processes for technology risk identification, treatment, monitoring and reporting. Supports the assigned line of business in gathering information and preparing for all tech risk related reporting and meetings, i.e. internal and external audit, regulatory interaction, as well as the Key Risk Review and related meetings. Collaborates with the assigned Application managers to ensure tracking and timely remediation of risks is occurring. Supports the Risk and Control Self-Assessment (RCSA) and regulatory self assessment / submission processes on behalf of Technology for the APAC region. Coordinates the issue and exception/acceptance processes, including self-reported issues. Provides consultative guidance on the prioritization of remediation efforts and supports new initiatives by implementing a "baked-in" automated control measurement and monitoring.
Here your work makes impact every day. Non-hierarchical organization supports free-flowing communication and empowers employees to take initiatives. Your voice is heard and your actions seen.
You are the right fit for this role if you:
- Have the skills in risk identification and management of process across all aspects of Technology.
- Have ability to maintain the effectiveness of enterprise -wide information security strategy including related programs, processes and initiatives.
- Assessing the current adequacy of the security strategy, business continuity/disaster recovery plans, threats to systems, and then calculating the impact of potential adverse events.
- Audits and assessments mut be continual, sas the threat profiles change constantly.
- Ensures management are kept up to date on the results of the risk assessment and make recommendations for mitigations, or projects to protect their systems or cover potential losses.
- Continually improve the quality of the risk management - through evaluation of communication security, data vulnerability, business continuity and compliance risks.
- Self-identification of risks even before it occurs
- Stay knowledgeable of current advances in all areas of information technology concerning vulnerabilities, security breaches or malicious attacks
- Identify vulnerabilities or weaknesses in systems
- Examine employee compliance with security controls and deficiencies
- Evaluate security policy, processes and procedures for completeness
- Ensure that controls are adequate to protect sensitive information systems
- Clearly document and define risks and potential impacts along with the statistical probability of such an event and identify systems affected by the defined risk
- Provide mitigation/damage reduction proposals
- 7+ years of total experience in IT Risk, Compliance, Audit and/or InfoSec
- Experience defining, implementing and monitoring IT risk management programs, including cyber security related risks
- Experience understanding design and operating effectiveness of IT controls and industry related frameworks.
- Significant knowledge in 2 or more: Application Security, IT Governance, IT Compliance & Audit, Identity & Access Management, Cloud Security, Asset Security, Threat/Vulnerability Management, BCM & DR
- Proficiency in written and spoken English (It would be a plus if the candidate understands another Asian language - Mandarin/Japanese) to support the APAC Business segments
- Excellent time management and written/verbal presentation skills
- Drive to execute and ability to solve challenges independently as well as drive projects / initiatives to completion
- Excellent stakeholder management and communication (Verbal and written) skills
- Confidence to respectfully challenge stakeholders
- Ability to quickly adopt to quick changes
- Ability to summarize complex technology issue
- IT Audit experience
- Project Management experiment
- Information risk and/or security qualification (CISA, CISSP, CRISC, CISM or e quivalent preferred)