Responsibilities / Duties:
We made risk management agile. We believe that unrestricted collaboration and continuous, conscious reprioritization are key to effective execution, so we took an innovative approach to risk management and applied agile practices to manage our daily work.
Here your work makes an impact every day. Our non-hierarchical organization supports free-flowing communication and empowers employees to take initiative. Your voice is heard and your actions are seen.
You are the right fit for this role if you:
- Have skills in risk identification and management of processes across all aspects of Technology.
- Have the ability to maintain the effectiveness of the enterprise-wide information security strategy, including related programs, processes and initiatives.
- Assess the current adequacy of the security strategy, business continuity/disaster recovery plans and threats to systems, and then calculate the impact of potential adverse events.
- Audits and assessments must be continual, as the threat profiles change constantly.
- Ensure management is kept up to date on the results of the risk assessment and make recommendations for mitigations or projects to protect their systems or cover potential losses.
- Continually improve the quality of risk management through evaluation of communication security, data vulnerability, business continuity and compliance risks.
- Self-identify risks even before they occur
- Stay knowledgeable of current advances in all areas of information technology concerning vulnerabilities, security breaches or malicious attacks
- Identify vulnerabilities or weaknesses in systems
- Examine employee compliance with security controls and deficiencies
- Evaluate security policy, processes and procedures for completeness
- Ensure that controls are adequate to protect sensitive information systems
- Clearly document and define risks and potential impacts along with the statistical probability of such an event and identify systems affected by the defined risk
- Provide mitigation/damage reduction proposals
Requirements / Qualifications:
- Experience in IT Risk and/or InfoSec
- Significant knowledge in 2 or more: Application Security, IT Governance, IT Compliance & Audit, Identity & Access Management, Cloud Security, Asset Security, Threat/Vulnerability Management, BCM & DR
- Proficiency in written and spoken English (It would be a plus if the candidate understands another Asian language – Mandarin/Japanese)
- Excellent time management skills
- Drive to execute
- Excellent stakeholder management and communication (verbal and written) skills
- Confidence to respectfully challenge stakeholders
- Ability to quickly adapt to quick changes
- Ability to summarize complex technology issues
- IT Audit experience
- Project Management experience
- Information risk and/or security qualification (CISSP, CRISC, CISM or equivalent)