Manager - Group Technology Assurance

Posted 02 November 2024
Salary Negotiable
Location Kuala Lumpur
Discipline Change and Technology
Reference HHTY20251002
Contact Name Tong Yu

Job description

PURPOSE

* Manage the end-to-end implementation of the Technology Assurance program that guides, monitors, evaluates and reports on the efficiency of the internal controls related to technology.

* Provide in-depth technical guidance on compliance requirements related to technology for control/process documentation, testing and issue management.

* Work closely with Group InfoSec Governance and Technology Assurance to effectively assess and resolve the gaps against standards, as well as international and local regulatory requirements related to technology controls.

* Drive, manage and/or perform the end-to-end Technology assessment to evaluate the design and effectiveness of technology controls throughout the business cycle.

KEY ACCOUNTABILITIES

* Manage and guide the team to perform end-to-end implementation of the technology assurance framework for all markets.

* Coordinate and review the evidence collection for Technology related audits.

* Identify system and control owners and drive and coordinate with owners to support technology assurance and assessment activities.

* Collaborate with key technology, business, risk, audit and compliance teams to evaluate critical technology related risks.

* Propose, implement, and guide BUs for risk resolution prioritisation.

* Review the data collected and calculated for the defined Technology related KRIs and Metrics, and prepare regular reports.

* Be the driver of improvement opportunities to increase the efficiency and effectiveness of the technology assurance program.

* Perform and be accountable for follow-ups through closure on the outstanding deficiencies and coach and advise control owners in the design and implementation of processes and control improvement.

* Lead, develop, mentor and provide guidance to more junior members of the Tech Assurance Team.

QUALIFICATIONS / EXPERIENCE

* Minimum 7 to 10 years of experience in IT Audit and Risk Assessment.

* Degree in Information Technology or an equivalent discipline.

* One industry-recognised certification such as CGEIT, CISSP, CISM, CISA, ISO 27001, CRISC, etc.

* Solid understanding of current and emerging technologies.

* Understanding of IT SOX and other IT/IS frameworks and best practices such as COSO, COBIT, ITIL, ISO 27001, SOC 1, 2, 3, etc.

* Good knowledge of privacy regulations and data protection.