Senior IT Risk and Control Specialist

CLIENT: Energy trading firm

SALARY: S$10,000 to 12,000 per month + Attractive Bonus

• Oversee control activities across multiple offices and to ensure that company’s control framework is governing the business operation in a safe and compliant manner.
• Identify weaknesses within the organization's IT processes and infrastructures and ensure that proper measures are implemented to minimize such risk. You will also ensure that an optimized set of business process maps are in place and our internal procedures are promptly updated to reflect the agreed framework.
• Work with commercial and functional team to provide solutions/ recommendations to improve the controls and drive efficiency through continuous improvement. Proactively look out for any breach of procedure by our staff and potential control gap that could create a material risk to our organization.
• Responsible for collating global Internal Control reporting information that is required by both internal management and external stakeholders.

Support the development and implementation of the IT Risk Management Framework, policies, and processes.

Coordinate and ensure key IT policies and procedures are documented and updated annually.

Conduct investigations of IT incidents, delivering detailed reports that summarize root causes, impact assessments, and recommended corrective actions.

Identify, assess, and monitor IT operational risks, including those related to change deployments, incident management, and system stability.

Conduct risk assessments on IT projects, system changes, and deployment pipelines to identify potential vulnerabilities and control gaps.

Track and manage risks and ensure follow-up actions are completed. Ensure controls are put in place to mitigate and manage the identified risks.

Work closely with cross-functional teams including IT Operations, Cybersecurity, and development team to evaluate risks in system rollouts and technology changes.

Perform daily controls monitoring and review.

Conduct regular reviews on the privilege ID usage, key applications' user access.

Design, build and maintain Power BI dashboards and reports for risk identification, analysis and reporting.

Customize JIRA workflow and automation to adhere to Internal Control's framework and processes.

Support the Internal Control monthly report publication and ad-hoc reporting.

Participate and support internal and external audits, including J-Sox reporting, from evidence collection to tracking actions closure.

Drive a culture of risk awareness and continuous improvement within the organization.

Bachelors’ degree in Computer Science, Information Systems/Security and/or Business Management with professional certification in security and controls.

8 years of experience in IT Risk Management, IT Governance, Information Security or IT Infrastructure in energy/commodities trading or regulated environment.

Broad exposure to a range of diverse technology, security concepts, tools, and methodologies.

Experienced in reviewing technology domains across infrastructure, applications, cyber security, cloud technology, IT governance processes.

Experience in IT incident investigation and reporting.

Familiar with frameworks such as ITIL, COBIT, or ISO 27001 is an advantage.

Professional certifications such as CRISC, CISA, CISSP, ITIL Foundation, or similar is an advantage.

Competent in the full suite of MS Office packages - specifically Word, Excel, Visio PowerPoint applications.

Competent in the use of data analytics and visualization tools - e.g. Power BI, Python, SQL, ACL, Alteryx, Tableau is a considerable advantage.

Knowledge of JIRA, Allegro, SUN, CubeLogic, ZEMA and IMOS is an advantage.