Job Summary and Mission
This position contributes to the success of wizlynx group by performing the following:
- Oversee the day-to-day operation of the GRC teams, which include Singapore, Malaysia and Hong Kong, during Asia-Pacific time zone hours
- Develop, drive and own the Information Security Governance, Risk and Compliance practice
- Responsible for business development and presales activities
- Meet clients to pitch GRC services alongside Sales
- Responsible for the examination and analysis of internal controls and business risks by performing IT audit work, developing audit scope and procedures, and preparing audit reports for clients
- Lead and take responsibility for development and operational activities across the entire scope of our clients’ Security Governance, Risk and Compliance programs
- The job encompasses leading and participating in the assessment of security, risks, and control effectiveness for applications, infrastructure, and technology projects. This consultant will identify, classify, and document control issues in our client’s computing environment by documenting assessment results, recommending corrective action, tracking remediation, evaluating policy and control standard exceptions, and regularly reporting to our clients’ IT management.
- Serve as the primary contact point for issue escalation for GRC services
- Manage service support requirements and ensure that the quality plan and KPIs/SLAs are met
- Draft support SOPs and documentation
- Model and act in accordance with wizlynx group guiding principles
Summary of Key Responsibilities
Responsibilities may include the following, but are not limited to:
- Leads IT control assessments for our clients to ensure effective IT controls are in place to meet operational and compliance requirements
- Works with our clients’ IT, Internal Audit, Compliance and other key stakeholders to create an IT GRC strategy that complies with professional standards and addresses the IT risks inherent in our client’s operations and industry
- Performs ongoing logical access reviews and recommends updates to access control privileges to ensure proper Segregation of Duties based on user access reviews
- Effectively reports and communicates testing results to client’s IT management for corrective action, where required
- Proactively identifies other areas of business initiatives and changes in the business environment and assesses their impact on the business control environment
- Conducts information security awareness training
- Performs evidence collection and project management assistance for our clients’ annual compliance (e.g. ISO 27001) certification program
- Tracks and monitors risk exceptions to ensure control deviations are identified and mitigating controls are in place
- Assists our clients with drafting and maintaining information security policies
- Provides mentoring for other team members
- Demonstrates excellent project management skills, inspires teamwork and responsibility with engagement team members, and uses current technology/tools to enhance the effectiveness of deliverables and services
- Facilitates the performance and testing of our client’s annual disaster recovery tests and business continuity plans
Summary of Ideal Experience, Skills, Knowledge, and Abilities
- A minimum of five years of experience in information security audit or in a technology-related audit or compliance field, and a strong knowledge base in operations, enterprise networking, system evaluation/architecture and consulting experience preferred
Ideal Experience
- A minimum of five years of experience in information security or in a technology-related field, and a strong knowledge base in operations, enterprise networking, system evaluation/architecture and consulting experience preferred
- Strong understanding of and ability to provide security configuration and testing of networking and operating systems, including Cloud architecture, and a wide array of large-scale environments including various major web application servers
- Strong understanding of information security principles such as ISO 27001, CSA Cyber Security Code of Practice, Secure-by-Design, MAS TRM Guidelines, HKMA CRAF and PDPA is desirable
- Knowledge of the NIST Cyber Security framework or CIS Controls is desirable
- Sound knowledge of internal control concepts and auditing techniques
- Strong analytical and report-writing skills
- Good appreciation of fundamental accounting knowledge and/or audit knowledge and financial controls
Language Skills
- Fluent technical English (speech and writing)
- Ability to communicate clearly and concisely, both orally and in writing, in local language
Soft Skills
- Excellent team leadership; team-oriented team player who takes ownership
- Flexible attitude, reliable, action-oriented
- Customer-friendly approach and appearance
- Willingness to travel
- Innovative in pushing new ideas, dynamic and forward-looking, with clear management principles towards the team
- Able to work independently, think critically and communicate effectively with the support team and customers
- Enjoys working in a global team with different cultures
Technical Skills and Abilities
- Microsoft OS and Office knowledge
- Technical document writing
- Experience in Project Management in IT
- Knowledge of perimeter firewall infrastructure and VPN remote access
Summary of Education
- Bachelor's degree from an accredited college/university in an appropriate field
Certifications / Training
- CISM, CISA, CRISC, CISSP certified
- ISO 27001 Lead Auditor certification is preferred
KEY PERFORMANCE INDICATORS / MEASURES OF SUCCESS
- Achieve agreed targets/SLA/KPI in terms of quality, time and cost
- Lead team members to achieve team/organizational goals
- Reduce team turnover
- Improve and retain high customer satisfaction
POTENTIAL CAREER DEVELOPMENT
- Advance to higher business development tiers or geographic reach