5 June 2024

Seeking IT Security professional with a keen interest in Information Technology (IT) Governance, Risk and Compliance to enable cyber resilience and information security for mission critical systems.
The individual will be responsible to conduct cyber risk assessment in support of technology initiatives to help identify IT related risk and determines appropriate controls to mitigate risks.

Mandatory Skill(s)

  • Degree in Computer Science, Information Security or Information Systems;
  • At least 2-3 years of experience in IT security space with a strong experience in IT GRC ( Governance, Risk and Compliance ) related functions;
  • Deep knowledge and understanding of internal controls, security frameworks, risk management and IT governance, auditing techniques and methodologies;
  • Good knowledge of enterprise IT systems and components (applications, operating systems, databases, networks, cloud, DevOps;
  • Knowledgeable in using various cyber security monitoring and analysis tools and techniques depending on the organization's needs and requirements;
  • Familiar with cyber security standards, protocols and frameworks such as NIST CSF, CIS, PDPA;
  • Strong in analytical thinking with attention to detail;
  • Excellent communication and inter personal skills.

Desirable Skill(s)

  • CISSP, CISM, CRISC, CGEIT and/or CISA certified.

Responsibilities

  • Act as a Subject Matter Expert on IT Governance, Risk management and Compliance (GRC) and related policies and procedures;
  • Responsible for documenting methodologies and tools to mitigate information security or cyber risk;
  • Prepare reports for information security or cyber risk related reporting, threat awareness and security awareness reports;
  • Conduct compliance assessments and tracking the overall compliance health in relation to IT governance standards and procedures in compliance with regulatory requirements;
  • Recommend corrective actions or appropriate security controls to mitigate technical risk;
  • Continuously identify GRC Key risk indicators (KRI) and maintain IT Risk Register;
  • Assist in the development of policies for conducting cyber security risk assessments and compliance audits;
  • Formulate governance procedures for documenting and updating security policy, standards, guidelines and procedures;
  • Perform information security or cyber risk assessment activities and assess third party security controls and internal security systems;
  • Establish scope of risk analysis for new technology initiatives;
  • Keep abreast of the dynamic cyber threat landscape and identify opportunities for enhancement of IT risk processes;
  • Provide regular updates on the overall health of compliance, criticality assessment, audit findings, remediation and action plans.

If you are interested in this role, click on the “Apply to this job” button below or you could also write in with your CV to Aditi Jain at aditi.jain@sciente.com quoting the job title.

Aditi Jain
EA Reg No.: R1983754
Managing Consultant
Let’s connect via