This role is expected to provide better assessment and governance of IT risks (policies, procedures, and relevant activities) in order to protect, detect, respond, and recover; avoid threats and exposures; reduce or transfer risks; and/or mitigate the impact.
Performs the overall administration of core IT Risk and Compliance governance within IT MBAL:
• Manage the implementation of IT risk management frameworks and processes. Ensure IT operational risks are managed and/or mitigated and that all existing IT security infrastructure keeps abreast of the latest technology and industry standards.
• Ensure IT security policies/procedures are defined, implemented, and complied with across IT business units.
• Maintain IT policies, standards, and procedures to ensure demonstrable regulatory and legal control.
• Prepare and execute work plans (including risk assessments) and audit programs for Internal IT Audit activities.
• Develop, monitor, and measure weekly/monthly/quarterly IT Security/IT Risk/IT Compliance metrics to achieve the required threshold and maturity level.
• Liaise with internal and external auditors and business partners on IT security reviews, gap assessments, and audits.
• At least 2 years of experience.
• Experience in IT security projects, risk assessments, audits, and compliance governance.
• Understanding of potential risks and legal and compliance implications.
• Good understanding of common standards such as ISO 27001, ISO 20000, and ITIL.
• Good interpersonal communication, influencing, and relationship building skills.
• Knowledge of technology risk management in the life insurance industry is an advantage.