Security Specialist- GRC - Part-Time

Job Summary

Seeking IT Security professional with a keen interest in Information Technology (IT) Governance, Risk and Compliance to enable cyber resilience and information security for mission critical systems.
The individual will be responsible to conduct cyber risk assessment in support of technology initiatives to help identify IT related risk and determines appropriate controls to mitigate risks.

Mandatory Skill-set

• Degree in Computer Science, Information Security or Information Systems;
• At least 2-3 years of experience in IT security space with a strong experience in IT GRC ( Governance, Risk and Compliance ) related functions;
• Deep knowledge and understanding of internal controls, security frameworks, risk management and IT governance, auditing techniques and methodologies;
• Good knowledge of enterprise IT systems and components (applications, operating systems, databases, networks, cloud, DevOps;
• Knowledgeable in using various cyber security monitoring and analysis tools and techniques depending on the organization's needs and requirements;
• Familiar with cyber security standards, protocols and frameworks such as NIST CSF, CIS, PDPA;
• Strong in analytical thinking with attention to detail;
• Excellent communication and inter personal skills.

Responsibilities

• Act as a Subject Matter Expert on IT Governance, Risk management and Compliance (GRC) and related policies and procedures;
• Responsible for documenting methodologies and tools to mitigate information security or cyber risk;
• Prepare reports for information security or cyber risk related reporting, threat awareness and security awareness reports;
• Conduct compliance assessments and tracking the overall compliance health in relation to IT governance standards and procedures in compliance with regulatory requirements;
• Recommend corrective actions or appropriate security controls to mitigate technical risk;
• Continuously identify GRC Key risk indicators (KRI) and maintain IT Risk Register;
• Assist in the development of policies for conducting cyber security risk assessments and compliance audits;
• Formulate governance procedures for documenting and updating security policy, standards, guidelines and procedures;
• Perform information security or cyber risk assessment activities and assess third party security controls and internal security systems;
• Establish scope of risk analysis for new technology initiatives;
• Keep abreast of the dynamic cyber threat landscape and identify opportunities for enhancement of IT risk processes;
• Provide regular updates on the overall health of compliance, criticality assessment, audit findings, remediation and action plans.

Should you be interested in this career opportunity, please send in your updated resume to [email protected] at the earliest.

When you apply, you voluntarily consent to the disclosure, collection and use of your personal data for employment/recruitment and related purposes in accordance with the SCIENTE Group Privacy Policy, a copy of which is published at SCIENTE’s website (https://www.sciente.com/privacy-policy).

Confidentiality is assured, and only shortlisted candidates will be notified for interviews.

EA Licence No. 07C5639