Your new company
Large Non Profit Organisation
Your new role
• Prioritize supporting and advancing the security management's instructions.
• Improve current procedures for reducing cyber threats and creating a risk framework.
• Coordinate risk appetite and make required business process adjustments.
• Support and carry out a program to renew knowledge of security compliance and governance.
• Adhere to and put into effect best practices for risk management, including the use of risk registers, issue management, a library of risks and controls, impact thresholds, risk reporting, controls testing, and security governance.
• Determine the risks associated with IT and business initiatives and activities based on policy, standards, technological compliance requirements, and best practices.
• Ensure that risk-reduction security measures are effectively implemented.
• Acceptance of risk exceptions must be adequately controlled, validated on time, and escalated.
• Create a report on the state of security for top management.
• Participate in third-party risk management, and effectively participate in and oversee audit operations
• Take part in and make a constructive contribution to fostering a culture of inclusivity, diversity, and respect. Participate actively in initiatives across teams, divisions, and departments and serve as a role model for teamwork
What you'll need to succeed
- University degree or above in IT, Management Information System, cybersecurity and/or risk compliance.
- At least 5-8 years of experience in IT technical roles and audit, 3-5 years of hand-on in technology risk assessment and security compliance aspects.
- CISA, CISSP, CRISC or equivalent is preferable.
- Experience in adopting risk-based assessment methodologies and engaging audit counter-parts.
- Knowledge of ISMS, ISO27000, ISO31000 and other major information security frameworks/Practices e.g. NIST, COBIT etc.
- Strong knowledge of Audit control framework, IT general controls, Cybersecurity Risk, Tech Risk (including infrastructure, cloud and applications security).
- IT background with operations, enterprise networking, operating systems and database security risk controls.
- Sound skill across: DevSecOps, cloud security, PII, GDPR, and Cyber security laws in China.
- High problem solving, risk management and analytical skills.
- Strong interpersonal, management, negotiation and presentation skill.
- Experience in performing risk assessment and evaluation.
- Experience in reporting risk tailored to IT and business stakeholders about most significant risks to the business.
- Competency consulting background in IT, Cyber Security and/or IT Audit and Control Compliance.
- Competency interacting with seasoned colleagues on Technology and Cybersecurity Risk, Audit and compliance agenda.
- Experience in building and promoting risk awareness amongst IT and buz staff by providing support and training within the company.
- Effectively manage multiple priorities, work independently and in a team-oriented and collaborative environment.
- An aptitude for technical writing e.g. assessment reports, presentations, management dashboard and risk indicators/metrics.
What you need to do now
If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV or drop an email to email@example.com, or call us now by +852-2230-7914.
If this job isn't quite right for you but you are looking for a new position, please contact us for a confidential discussion on your career. #1235886