Roles and Responsibilities:

Control Assessment
- Perform control assessments, including setting scope and timelines in accordance with the documented process, based on an understanding of the processes and controls implemented by the various IT/Security teams.
- Conduct sample-based testing of controls where required to confirm that they are implemented, operating, and functioning properly in line with the IT and Security policies and standards.
- Assess the overall risk and identify areas for improvement, including analysis and documentation of control gaps, and provide recommendations where appropriate.

Policy and Standards Review and Updates:
- Facilitate the development, review, and enhancement of information security policies and standards.
- Engage with stakeholders to gain a comprehensive understanding of current practices and document them accurately.
- Support the development of a process for regular review and update of security standards so that they reflect actual practices within the organisation and align with applicable industry best practices.

Management Reporting:
- Collaborate with management to document and summarise key plans and updates.
- Develop comprehensive PowerPoint presentations to communicate security updates, metrics, and achievements to senior management.

Security Training Program:
- Develop and deliver a comprehensive security awareness training program for employees.
- Design engaging and informative content to promote security best practices across the organisation.
- Monitor, assess, and report on the effectiveness of security awareness initiatives to ensure continuous improvement.

Minimum Job Requirements:
- Degree in IT, Computer Science, or a related discipline.
- 10+ years' experience in Information Security, Technology Risk, or IT Auditing, preferably with regional experience.
- Excellent written and verbal communication skills, with the judgement and ability to escalate clearly and promptly to management.
- Good knowledge of industry technology control frameworks and standards, e.g. ISO 27001, NIST, or CIS Benchmarks.
- Strong critical thinking and time management skills.
- Capable of engaging key stakeholders and building alliances through active conversation, including with peers or more senior stakeholders who have no direct reporting relationship.
- High degree of independence, responsibility, and integrity; able to work under pressure with minimum supervision and meet milestones within time, cost, and quality constraints.
- Familiarity with information security and technology controls across domains such as infrastructure security, application security, cyber security, identity and access management, cloud computing, and IT operations.
- Certified Information Systems Security Professional (CISSP) or Certified in Risk and Information Systems Control (CRISC) is preferable.