Mô Tả Công Việc
I. JOB BRIEF:
As an IT Risk and Governance specialist, you will research, develop, manage, supervise, and operate IT information security. Your responsibilities will include designing, proposing, and implementing security solutions to ensure IT information security, with a focus on IT Governance. You will collaborate closely with the IT team to develop and implement IT policies and procedures across the organization. Your goal will be to ensure effective IT governance and compliance.
II. DETAILED JOB DESCRIPTION:
1. Lead to develop and implement IT policies and procedures across the organization.
2. Ensure effective IT governance and compliance.
3. Act as a point of contact for both internal and external audits, ensuring that any audit gaps are closed within the timeframes specified.
4. Create and run an IT governance framework that provides lean and transparent audit engagement and compliance management.
5. Provide advice and expertise on IT governance, IT policies and standards, and effective IT risk assessment practices.
6. Responsible for the development of IT policy, governance, regulatory standards, and processes.
7. Maintain IT Governance documentation to ensure timely review, approval, and publication.
8. Work with process owners to develop and implement effective governance and management of relevant policies, guidelines, standards, and procedures.
9. Drive and manage the creation, review, and dissemination of IT-related reports to senior management.
10. Work with management to identify gaps in IT governance and risk management and develop action plans to close them.
11. Ensure that all changes are tracked by the appropriate change management procedure.
12. Report directly to the IT Infrastructure and Support Manager and indirectly to IT Director.
Yêu Cầu Công Việc
- Bachelor’s degree in Computer Engineering, Computer Science, or related field.
- At least two years of experience in IT Risk and Governance.
- A background in IT auditing and risk management is preferred.
- Strong verbal and written communication skills, as well as the ability to communicate IT topics to both technical and non-technical employees at all levels of the organization.
- Capable of connecting people, processes, and information to produce appropriate results.
- A self-starter who wants to learn and broaden their knowledge to continuously add value to the organization.
- Familiarity with specific tools and technologies, such as vulnerability assessment tools and security information and event management (SIEM) systems.