Are you looking for unlimited opportunities to develop and succeed? With work that challenges and makes a difference and a flexible and supportive environment, we can help our customers achieve their dreams and aspirations.
The individual is responsible for local information risk management (IRM) for the country, in alignment with the mandates and objectives from Country, Asia and Global IRM. The individual collaborates and liaises with Country Information Services, Business Units, Asia IRM stakeholders and the Global Center of Excellence (CoE) team, participates in country governance on information risk management, supports the implementation of IRM program objectives, and executes the practices, controls and resilience measures for the country. In addition, the individual represents the country in Information Risk initiatives, contributes to building the division's business case, standards and framework, and raises awareness, in order to achieve the satisfaction of the country CIO/Head of IT, the business and Asia IRM.
Key Accountabilities (Allocate the percentage of total working time spent on each accountability, which should add up to 100%)
- Execute Information Risk Management practices and controls
- Provide advice and guidance on information risk, technology security, risk and regulatory matters for Information Services and the business
- Perform and validate Information and Vendor Risk Assessments, participate in due diligence during the vendor selection process, identify potential risks and provide guidance on the risk mitigation and acceptance process
- Assist in formulating the IRM Plan and solutions with various business units to ensure that IRM development and implementation are effective and comply with the country and Asia divisional strategies and local regulations
- Assist in establishing local country risk profiles and appetites, report country IRM risk and performance, posture and exposures, and keep up to date with the IRM metric system
- Coordinate local country security activities, including but not limited to application security scanning and penetration testing, regular logical access assessments, and information risk awareness and readiness for the Business Units
- Participate in country governance, support the implementation of IRM program objectives, and collaborate with Country Information Services on IRM project delivery assurance
- Understand local technology risk regulatory requirements and provide guidance, participate and directly engage in local country regulators' reviews and exams, ensure compliance with the requirements, including the framework, guidelines and policies for IRM and IT, and maintain the local IT regulatory matrix
- Liaise with internal and external auditors and regulatory agencies on risk and compliance reviews and exams. Provide guidance on IT audit planning and scope aligned with IT control objectives, and oversee that country audit issues are addressed in a timely manner
- Incident management: responsible for establishing communication, response and handling in the event of a local information risk or incident
- Perform periodic (e.g. monthly, quarterly, and annual) reviews of work orders to ensure that project/CR production releases comply with procedures/policies
- Liaise with the GIS/DXC team to improve the quality of helpdesk services
- University graduate with a minimum of 4 years' solid experience in Information Technology and/or Security Management gained in the financial industry
- University graduate with minimum 4 years solid experience in Information Technology and/or Security Management gained in financial industry
- Experience in information risk, audit and compliance
- Experience in regulatory engagement
- Proven ability to lead and manage teams to achieve business and/or risk management objectives
- Ability to work both independently and collaboratively while managing multiple priorities within tight deadlines
- Able to work under pressure
- Good interpersonal communication, management and presentation skills
- Thought leader who can work independently