Lead Technology Risk Adviser

  • Negotiable
  • Singapore
  • Permanent, Full time
  • Morgan McKinley Singapore , EA Licence No: 11C5502
  • 13 May 19

-

PRIMARY RESPONSIBILITIES

  • Assist the Technology & Cyber Risk Manager to identify, assess and manage information security vulnerabilities and risks in the IT environment, as well as financial intelligence leads.
  • Assess risks, evaluate for efficiencies and identify opportunities for improvement from people, process and technology perspectives.
  • Work with business units to determine the controls necessary to remediate identified risks and vulnerabilities; negotiate dates for remediation to be completed.
  • Ensure that identified risks are managed and tracked in accordance with the Risk Management program including all artefacts on risk assessment results.
  • Assist in the development of appropriate information security policies, standards, procedures, checklists, and guidelines to meet the regulatory and organization requirements.
  • Perform periodic due diligence on IT outsourced vendors, assess its residual risk and update to the risk register.
  • Provide oversight on account and application access administrative activities.
  • Regular review on Systems & Database privileged users' activities.



Qualifications

  • Bachelor Degree in Information Systems, Computer Science or Information Technology.
  • Min 5 years in IT Security field with at least 2 years in IT risk management.
  • Candidate with CISSP, CISA or CRISC will be a plus.
  • Experience with RCSA process of risk management.
  • Extensive knowledge in MAS TRM and MAS Notices on Cyber Hygiene
  • Strong interest in IT risk management and keep abreast of the dynamic threat landscape.
  • Knowledge of common IT technologies (OS, databases, network devices, applications)
  • Familiarity in one or more of the following areas: application security, OS system security, networking, mobile device security, cloud technologies (IaaS, SaaS environments, etc.), and web technologies.
  • Familiarity with International standards and best practices such as ISO 27001 and OWASP.
  • Familiar with IT Outsourcing processes.