IT Analyst (Risk Management, Audit and Compliance)

The successful candidate will join the Team who is responsible for providing leadership in establishing and governing the software development processes with the aim of ensuring the software development team is efficient in its execution and compliant to the established policies and guideline. The team will also need to look into opportunities for improvement within the IT Delivery Team, which include gathering/finalising/study of requirements, project planning/scheduling, solution sourcing, development, implementation and adoption, auditing and monitoring for compliance on the established guidelines/standard/policies.

The successful candidate will under the sub pillar of Risk Management, Audit and Compliance.

The level of the staff will be offered base on his/her experience level and their ability to fit the job scope described.

JOB SCOPE (RISK MANAGEMENT, AUDIT AND COMPLIANCE)

The successful candidate will have the opportunities to work on the follow function(s).

Primary Function:

Responsible for the function of Risk Management, Audit and Compliance for the organisation. The scope of work includes but not limited to the following: -

Direct, management and support the organisation’s risk management process and ensure alignment with Group GRC effort. This will include but not limited to: -

• Manage and enforce the annual Control Self-Assessment for organisation
• Support the collation of statistics for Sustainability reporting to parent company.
• Manage and track risk mitigation corrective action plans.

Programme manage and oversee certification / renewal process for, but not limited to, the following standards: -

• ISO22301 – BCMS
• ISO27001 – ISMS
• Others in the pipe lines, i.e. Cyber trust mark

This will involve the planning, organising and completion of the mandatory activities a defines by the standards. E.g. Risk review, Plan Reviews, Test and Exercise, evidence collection, etc.

Main liaison for all IT related external audits as requested by the management or board of directors.

Training programme management with alignment to risk management and certification requirement. Responsibility includes

Manage the e-training service sourcing and renewal as assigned.

Engage the subject matter experts in creating engaging training materials, including presentations, videos, and interactive modules, to promote understanding of cyber security awareness/best practices and any training required for compliance purposes.

Track and report on training effectiveness and participation rates, and adjust training content as necessary with subject matter experts, to address emerging threats and challenges

Secondary Function:

Other Audit Support

Main liaison points to support external compliance audit for area responsible by the IT Dept.; i.e. Finance Audit, etc.

TECHNICAL REQUIREMENTS:

Tertiary education with working experience/knowledge in the following area:

Bachelor's degree in Information Technology, Computer Science, Finance, or a related field.

Proven experience in preparing audits and assessments related to ISO 27001, 22301, and information security standards.

Proven experience in project management.

Professional certifications such as CISA, CISSP, PMP, ISO 27001/22301 Lead Auditor, or equivalent are desirable.

Familiarity with regulatory requirements such as GDPR, PDPC is a plus