Senior Manager IT Security & Risk

Work withstakeholdersto resolvecomputer security incidents andvulnerability compliance. Provide advice andinputfor Disaster Recovery,Contingency, and Continuity of Operations Plans. Plan and conduct security authorization reviews and assurance case development forinitialinstallationof systems and networks.

• To have an independent role for the day-to-day IT technology security and risk management operations
• Responsible for planning, developing, communicating and reporting the effective implementation of technology, cyber risk, data protection and data privacy frameworks, policies and guidelines
• Plan, develop and implement Group business continuity, crisis management and disaster recovery plan
• Objective is to mitigate technology risks, minimizing losses and disruption to business and securing technology assets against potential threats
• Knowledge of security frameworks (eg COBIT, ISF, COSO) and standards ( eg ISO, NIST), information security principles, security architecture and regulatory requirements will be a plus
• Lead delivery of Governance, Risk and Compliance [GRC] security advisory engagements and projects related to industry standards and frameworks
• Lead and perform various types of security assessments (maturity, security, compliance, and risks) across QL Group
• Support GRC practice developments, collaborations, collaterals establishment and any enablement activities
• Build knowledge capital through research and development and facilitate risk assessment workshops
• Possess a proactive posture and commitment towards continuous improvement
• Collaboration and communication with multiple stakeholders within QL Group and / or external parties such as outsourced service providers, vendors and regulators
• Resource challenge in performing required reviews to ensure effectiveness of implementation of frameworks, policies and procedures
• Have experience in developing risk management governance structure and ensure compliance across organizations diverse environment
• Experience in engaging and managing various stakeholders with an ability to consult and develop remediation options, risk mitigation solutions, understanding of reporting requirements etc
• Practical experience and understanding of technology and business processes in providing related risk assurance and advisory considerations
• Demonstrates integrity, values, principles, and work ethic

• Minimum 8 years of experience in risk audit, compliance or information security function
• Bachelor degree in Information Technology or equivalent
• Professional qualification on information security certifications e.g. CISA/CISSP/CISM/CRISC
• Work experience in relevant areas of IT risk, enterprise risk management and/ or internal controls
• Project management experience highly preferred
• Have good written communication, presentation and report writing skills
• Ability to work independently and collaboratively as a team is essential