PURPOSE OF THE ROLE
Review and analyse the system, processes, risk and controls from the viewpoints of compliance, operations, and financial reporting risk. - Assess and report on Cyber Security control effectiveness in infrastructure and application level. - Recommend and facilitate the control improvement and/or remediation. The ideal candidate should have the work experience in IT audit and/or IT risk management consulting roles. Candidates with up-to-date IT knowledge with the audit or control background may also fit to this role.
【Security Control Assessment】
- Perform vulnerability testing, risk analyses and security assessments.
- Carry out IS and IT risks assessment to IT controls and processes and define assessment criteria for control enhancement.
【Security Control Review & Advisory】
- Work with our internal customers and develop the understanding of the IT environment. (process, application, policies)
- Provide control advisory or recommendations for the enhancements which align with the business strategy.
【Cyber Security Advisory】
- Research and anticipate security alerts, incidents and disasters that may potentially impact our operations.
- Support management in decision making with recommendation to IT control enhancements to improve the defence to cyberattack.
- Review IT processes based on company IS Chart of Controls and IPG policies and perform a gap analysis.
- Support IS team and/or business functions to implement actions plan.
【SOX Testing on IT Controls】
- Plan the testing approach on IT controls in scope for SOX, perform and document the walkthrough and the testing based on the company Instructions.
- Ensure that the controls are in place and operating effectively, or test the remediation's if any deficiencies.
【Collaboration with Internal or External Specialists】
- Collaborate with 3rd party specialists or consult with company IS or IPG and recommend on the security plan/strategy.
SKILLS & EXPERIENCE
- A minimum of two years of IT audit, IT risk management consulting, Internal Control, Audit, or similar roles - Fluent in English
- Excellent understanding of IT risk assessment and audit procedures
- Excellent organization skills and ability to manage multiple projects and deadlines
- Energetic, highly motivated, willing to take on challenges, ability to function as a team player or work independently
- University Degree