IT Governance, Risk and Compliance (GRC)
Indexed description
Roles & Responsibilities:
Response IT Audit:
- Conduct Reporting Findings. Document and report audit findings, recommendations, and follow-up actions
- Collaborate with Teams: Work with IT and related teams to address identified issues.
- Response audit finding from OIC including Annual OIC IT Audit, CRAF, IT Environment Survey and Electronic Registration and Certificate
- Response audit finding from external IT audit
- Performing account review on AD
- Conduct high privilege account review.
Cybersecurity Awareness and Training:
- Maintain Security awareness and security training video for new staff
- Annual security awareness and training programs for all staffs
- Security awareness and training for individuals who clicked on links during the cyber drill
- Develop Training Programs: Create training materials and programs related to IT security
- Promote a Security Culture: Foster a culture of security awareness within the organization through ongoing education
Information Security Management System (ISMS):
- Maintain, document control and publish up-to-date IS Policy, Procedure and form
- Documentation Control. Maintain an organized documentation system for all ISMS-related documents
- Facilitate management reviews of the ISMS
- Implement a continuous improvement process to enhance the ISMS based on audit findings audit findings
Security Inspection:
- Identify vulnerabilities in the current network and server infrastructure, and collaborate with IT to ensure timely remediation
- Performing penetration tests to find any flaws on website and collaborate with IT to ensure timely remediation
- Review and validate system hardening and baseline configurations, working with IT to ensure prompt remediation
Required Skills:
- IT audit and regulatory compliance management
- Active Directory and privileged access review
- Security awareness and phishing simulation programs
- IT risk assessment and third-party risk management
- KRI monitoring and reporting
- Information Security Management System (ISMS) governance
- Security policy and documentation management
- Cybersecurity vulnerability assessment and remediation
- Penetration testing coordination
- Cross-team collaboration and security culture promotion
The Company reserves the right not to consider any candidate application or profile submitted by any recruitment agency without prior request, approval, or authorization from the Company, notwithstanding any existing service agreement between the parties. Any unsolicited candidate submission shall not create any obligation or liability whatsoever on the part of the Company. Should any recruitment agency wish to introduce candidates or discuss potential collaboration, please contact 02-022 5632 directly prior to taking any action.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search