IT Governance and Risk Manager

Responsibilities:

• Developing and maintaining IT security policy
• Defining security requirements for new or modification to services
• Monitoring and handling of security incidents
• Generating IT Service Management reports and manage service levels according to agreed SLAs
• Managing suppliers
• Managing IT service continuity (BIA for all existing and new services, maintaining testing schedules, and ensuring continuity plans are up-to-date)
• Monitoring compliance to IT Security Policy and regulatory compliance requirements, as well as tracking remediation of non-compliance issues
• Change management (determining impact of change, Change Request review, and sign off to secure Production Systems - authorizing change requests)
• IT Security evaluates of internal/external application development, various technical systems and provides report of controls (BRD).
• Coordinate requirements of Information Protection from HD and RHQ.
• Assessment security vulnerabilities and ensure all vulnerabilities remediated such as security patches, security threats and cyber security.
• Provide IT Security Awareness Training to staffs
• Support regular Business Continuity Plan (BCP) test.
• User account management (registration/ de-registration process, periodic user account review, maintaining user access matrix)

Qualifications and skills:

• A degree in Information Systems, Computer Science or equivalent field of study and professional experience.
• 10 - 15 years relevant Information Technology infrastructure, ITIL and security working experience (experience in Insurance Business would be advantage).
• In depth understanding of core security monitoring and response services - process, technology and governance - including attack detection, vulnerability management, security incident management and threat intelligence
• Solid in security service governance and management e.g. definition of policies, standards, procedures, and metrics to measure and report on service effectiveness and performance
• Good security incident response - ability to assessment and verify security events, and direct and execute containment actions
• Proven and delivering continuous service improvement and IT governance experience
• Experience in conducting risk assessment activities, security analysis and incident response review and reporting
• Risk management, ITIL implementation as well as service management knowledge
• ISO 27001 audit task
• Strong vendor management
• ITIL, CISA, CISM, PCI DSS and COBIT5 certification would be advantage
• Excellent written and spoken English