Manager - Technology Risk Governance

Type: Full-Time     Category: Finance

Job Description

We are now hiring for IAM Manager, Technology Risk Governance

Position: Manager, Technology Risk Governance

Role: Permanent

Location: Cyberjaya

Industry: Insurance and Banking

Job Descriptions

  • The Manager will manage and deliver one or more of the Technology Risk Governance core services below for the Group:
  • Technology Risk Governance Core Services:
      o Information security awareness training program
      o Third party security assessment
      o Audit / regulatory support
      o Risk reporting and risk measurement
      o Policies, standards and issue management

  • Information Security Awareness – Design and drive the annual information security awareness training calendar. Work with vendors and Group Technology Risk leads to identify potential training topics and target.
  • Third party security assessment (TPSA) – Process owner. Define minimum security requirements. Maintain oversight and governance of Group Functions' and BUs' management of third party security risk.
  • Audit/Regulatory Support – Act as facilitator between Group Functions, BU TR and internal/external audit. Identify and provide support for audit/regulatory assessment areas where responses should be centrally provided by Group TR.
  • Risk Reporting – Maintain a calendar of risk committees, executive management meetings and regular publications. Collect relevant data from TR teams, perform risk analysis and compile required reports and publications in line with the calendar.
  • Policies, standards & issue management – Define and own the policy & standards refresh cycle in accordance with Operational Risk requirements. Define and own a best-in-class Technology Issue Management process at the Group level. Advise Group Functions and BU TRs on the process and changes thereafter.

Job Requirement

  • Degree in Computer Science or related discipline
  • 6 - 10 years' experience in Information Security / Technology Risk
  • Excellent written and verbal communication skills and ability to escalate to management in a timely manner.
  • Strong knowledge of Technology Risk Standards and Industry Standards frameworks such as ISO 27001 and NIST.
  • Strong knowledge of regulatory requirements as related to Information Security and Technology Risk
  • Familiarity with information security controls and technical knowledge in areas such as Infrastructure Security, Application Security, Cyber Security, and Identity and Access Management
  • Certified Information Systems Security Professional (CISSP) or Certified in Risk and Information Systems Control (CRISC) preferred.
  • Occasional travel is required.

Kindly send your CV to azyan(AT) or WhatsApp to +60126011002
