Senior Manager IT Security & Risk

Overview

Work withstakeholdersto resolvecomputer security incidents andvulnerability compliance. Provide advice andinputfor Disaster Recovery,Contingency, and Continuity of Operations Plans. Plan and conduct security authorization reviews and assurance case development forinitialinstallationof systems and networks.

Key Accountabilities

• To have an independent role for the day-to-day IT technology security and risk management operations
• Responsible for planning, developing, communicating and reporting the effective implementation of technology, cyber risk, data protection and data privacy frameworks, policies and guidelines
• Plan, develop and implement Group business continuity, crisis management and disaster recovery plan
• Objective is to mitigate technology risks, minimizing losses and disruption to business and securing technology assets against potential threats
• Knowledge of security frameworks (eg COBIT, ISF, COSO) and standards ( eg ISO, NIST), information security principles, security architecture and regulatory requirements will be a plus
• Lead delivery of Governance, Risk and Compliance (GRC) security advisory engagements and projects related to industry standards and frameworks
• Lead and perform various types of security assessments (maturity, security, compliance, and risks) across QL Group
• Support GRC practice developments, collaborations, collaterals establishment and any enablement activities
• Build knowledge capital through research and development and facilitate risk assessment workshops
• Possess a proactive posture and commitment towards continuous improvement
• Collaboration and communication with multiple stakeholders within QL Group and / or external parties such as outsourced service providers, vendors and regulators
• Resource challenge in performing required reviews to ensure effectiveness of implementation of frameworks, policies and procedures
• Have experience in developing risk management governance structure and ensure compliance across organizations diverse environment
• Experience in engaging and managing various stakeholders with an ability to consult and develop remediation options, risk mitigation solutions, understanding of reporting requirements etc
• Practical experience and understanding of technology and business processes in providing related risk assurance and advisory considerations
• Demonstrates integrity, values, principles, and work ethic

Job Requirement

#J-18808-Ljbffr