We are now Hiring for IAM Manager, Technology Risk Governance
Position: Manager, Technology Risk Governance
Role: Permanent
Location: Cyberjaya
Industry: Insurance and Banking
- The Manager will manage and deliver one or more of the following Technology Risk Governance core services for the Group:
- Technology Risk Governance Core Services
  - Information security awareness training program
  - Third party security assessment
  - Audit / regulatory support
  - Risk reporting and risk measurement
  - Policies, standards and issue management
- Information Security Awareness – Design and drive the annual information security awareness training calendar. Work with vendors and Group Technology Risk leads to identify potential training topics and target.
- Third party security assessment (TPSA) – Process owner. Define minimum security requirements. Maintain oversight and governance on Group Functions and BUs’ management of third party security risk.
- Audit/Regulatory Support – Act as facilitator between Group Functions, BU TR and internal/external audit. Identify and provide support for audit/regulatory assessment areas where responses should be centrally provided by Group TR.
- Risk Reporting – Maintain a calendar of risk committees, executive management meetings and regular publications. Collect relevant data from TR teams, perform risk analysis and compile required reports and publications in line with the calendar.
- Policies, standards & issue management – Define and own the policy & standards refresh cycle in accordance with Operational Risk requirements. Define and own a best-in-class Technology Issue Management process at the Group level. Advise Group Functions and BU TRs on the process and changes thereafter.
- Degree in Computer Science or related discipline
- 6 - 10 years’ experience in Information Security / Technology Risk
- Excellent written and verbal communication skills and ability to escalate to management in a timely manner.
- Strong knowledge of Technology Risk Standards and Industry Standards frameworks such as ISO 27001 and NIST.
- Strong knowledge of regulatory requirements as related to Information Security and Technology Risk
- Familiarity with information security controls and technical knowledge in areas such as: Infrastructure Security, Application Security, Cyber Security, Identity and Access Management
- Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC) preferred.
- Occasional travel is required.
Kindly send your CV to azyan(AT)synlog.net or WhatsApp to +60126011002