Responsibilities 

  • Implement an IT Compliance program to provide assurance on the compliance status in Group IT. The program will validate the key IT controls based on yearly prioritization and using an industry-accepted sampling methodology. The IT controls reviewed will consist of relevant processes, systems, reports and metrics.
  • Monitor the state of IT compliance with regulatory requirements and internal policies, and report on compliance lapses.
  • Monitor changes in technology-related legislation and regulation that affect Group IT's technology risk management and compliance, and develop a compliance program to address potential gaps.
  • Conduct ongoing Compliance Review activities on key IT processes and systems as per the plan, and identify gaps against standard requirements.
  • Provide timely reporting on compliance review activity to management, and track to closure all actions and risks arising from the review.
  • Assist in consolidating the Compliance Event Reporting from Group IT to GRM and also local RM&C.
  • Assist in reviewing CRSA for regulations as per GRM and local RM&C's schedule.
  • Assist in reporting compliance matters to Group IT management on a regular basis.
  • Assist in IT Audit engagements, monitor and track the audit progress and the status of information submission, and escalate overdue responses accordingly.
  • Assist in root cause analysis for IT incidents, if required.
  • Educate staff on compliance requirements and provide awareness sessions on risk and compliance matters.
  • Assist the Department Risk Officer and Department Compliance Officer for GELM IT.
  • Assist in maintaining the department's Risk Control Self-Assessment (RCSA) and conduct control testing according to GRM and local RM&C requirements.
  • Assist in the review of the Project Risk Assessment (PRA) prepared by IT prior to the start of a project.

Requirements 

  • Degree in Computer Science or IT related studies with at least 6 years of relevant working experience.
  • A CISSP, CISA qualification or equivalent.
  • Knowledge of IT risk and controls framework, e.g. ISACA, ISO 27000 standards, and technology-related regulation such as MAS TRM Notice and Guidelines.
  • A self-starter who always strives for excellence and is innovative, with a service-oriented mindset and the initiative to improve processes.
  • Good interpersonal skills, both verbal and written.

 
