It jobs in United States

Overall Job Purpose

As an Assistant Manager in the Governance, Risk and Compliance (GRC) team within the Security, Process and Governance department of the Digital Technology Transformation division, you will be responsible for tracking, managing, and reporting on the risk management and governance of ICT and Smart Systems (ICTSS) at Sentosa Development Corporation (SDC).

Reporting to the GRC Manager, you will oversee systems under GRC custody, including the IT Service Management (ITSM) system for service/change requests and incident reporting, Project & Portfolio Management, Compliance tracking, Digital Governance Platform, and maintenance of GRC knowledge bases and document repositories.

You will collaborate closely with system managers to maintain the SDC system inventory, track system changes, conduct periodic and ad hoc cybersecurity testing, perform IT risk assessments, coordinate audits, and follow up on findings until resolution.

Key Responsibilities

1. Manage GRC systems (e.g., ITSM, DGP, etc.)
2. Manage the GRC knowledge base, guidelines, forms, and templates in SharePoint Online repository
3. Coordinate the tracking and reporting of ICT & Smart System (ICTSS) delivery and support projects under Project & Portfolio Management
4. Support the GRC Manager in maintaining ICTSS policies and System Security Plans (SSPs)
5. Work with security testing vendors to track and report on periodic VAPT/SCR security tests and liaise with system managers to address findings promptly
6. Coordinate IT audit review sessions and respond to auditors with relevant internal and external stakeholders

Qualifications, Knowledge & Experience

1. Diploma/Degree in Information Technology or a related field
2. Minimum of 2 years of experience in IT application system lifecycle management and/or system support and management
3. Familiarity with data and cybersecurity risks and controls during system implementation and support, including vulnerability assessment, penetration testing (VA/PT), and SCR (source code review) for cloud-hosted, web-based, and mobile solutions
4. Understanding of IT risk management and controls
5. Experience with system audits and/or public sector system policies and governance is advantageous
6. Ability to handle tight deadlines and manage project constraints in a dynamic environment, including ad hoc risk profiling and compliance reporting
7. Familiarity with government procurement processes
8. Good written and spoken communication skills