Industry: IT Support and Networking
The role reports to the Lead IT Consultant (IT Governance) and supports the Communications & Information Technology Division in all IT Governance, Risk & Compliance (GRC), IT Disaster Recovery and Business Continuity, and new Data Governance initiatives. The duties of the successful incumbent include the following:
Work on standards and frameworks, and drive their implementation and organizational awareness to support IT Governance, Risk & Compliance (GRC) objectives
Support initiatives to assess the adequacy and effectiveness of IT controls and policies, and direct remediation activities to ensure that compliance gaps are successfully addressed
Manage IT policies and procedures and ensure they are kept up to date across the organization, working with the appropriate stakeholders
Jointly monitor, track and review all risk findings and assessments of IT initiatives with the Cyber Security team and other IT teams.
Develop, maintain, review and report on the IT Risk Register. Schedule and participate in periodic risk self-assessments and track remediation action plans.
Front auditors, both internal and external, for audits directed at the IT Division or at business divisions where IT involvement is required.
Provide detailed reporting on security risk issues and treatment plans to management, or statutory reporting to MOE
Work on new policies and standards for new Data Governance initiatives covering data security classification, handling, storage, retention and disposal
Drive continuous improvement based on expert knowledge in domain areas, industry best practices, established market standards and certifications, and business objectives
Bachelor’s degree in Information Technology, Computer Science or a related field, with a minimum of 4 years’ experience in IT governance, audits and risk management
Experience in ISO27001 compliance efforts and certification is highly desirable
Good knowledge and experience with standards and frameworks like NIST, ISO27001, MTCS, and Personal Data Protection Act (PDPA) is essential; familiarity with Government IM and PCI-DSS
Industry certifications like ITIL, COBIT, PMP, DRM/BCM, CISSP/CISA/CISM are desirable
Possess excellent written and oral communication skills with the ability to present ideas and results to all levels of staff, including C-Level and Board executives
Good analytical and problem-solving skills
Have a positive attitude and be an excellent team player