Senior/ IT Consultant - IT Governance, Risk and Compliance (GRC), Communications and Information Technology

Job Responsibilities

• Work on standards and framework, and to drive the implementation and organizational awareness to support IT Governance, Risk & Compliance (GRC) objectives.
• Support initiatives to assess the adequacy and effectiveness of IT controls and policies, and direct remediation activities to ensure that compliance gaps are successfully addressed.
• Manage and ensure IT policies and procedures up to date across the organization, working with the appropriate stakeholders.
• Jointly monitor, track and review with Cyber Security team and other IT teams on all risk findings and assessments of IT initiatives.
• Develop, maintain, review and report on the IT Risk Register. Schedule and participate in periodic risk self-assessments and track remediation action plans.
• Conduct risk control testing.
• Front auditors, both internal and external, for audits directed at the IT Division or at business divisions where IT involvement is required.
• Consolidate IT incidents and conduct root cause analysis.
• Support business continuity functions. E.g. tabletop exercise, disaster recovery exercise.
• Detailed reporting on security risk issues and treatment plans to SIT management or statutory reporting to MOE.
• Drive continuous improvement based on expert knowledge in domain areas, industry best practices, established market standards and certifications, and business objectives.

Requirements

• Bachelor’s degree in Information Technology or Computer Science or related fields
• Minimum 4 years of experience in IT governance, audits and risk management
• Experience in ISO27001 compliance efforts and certification experience is highly desirable
• Good knowledge and experience with standards and frameworks like NIST, ISO27001, MTCS, and Personal Data Protection Act (PDPA) is essential; familiarity with Government IM and PCI-DSS
• Industry certifications like ITIL, COBIT, PMP, DRM/BCM, CISSP/CISA/CISM are desirable
• Possess excellent written and oral communication skills with the ability to present ideas and results to all levels of staff, including C-Level and Board executives
• Good analytical and problem-solving skills
• Have a positive attitude and excellent team player