Title: Senior Specialist IT Governance Risk and Compliance
Kuala Lumpur, MY
Job Summary
This role is an excellent opportunity to join the IT GRC practitioners in the Cybersecurity team. The position assists the IT GRC lead in supporting and managing IT governance practices within DKSH. The ideal candidate has strong IT governance, compliance and audit knowledge, with IT security skills as a core competency. You will have the opportunity to drive and support the implementation of the IT governance framework, security controls, processes and regulatory compliance, and to drive the maturity of the overall IT GRC practices within DKSH.
General Responsibilities
- Support the execution of the strategic direction for the function, from planning, implementing, and budgeting to motivational and promotional activities expounding the value of IT GRC
- Act as a member of the team of cybersecurity professionals on operational activities to build, run and operationalize IT GRC practices with stakeholders
- Report and escalate to the leadership management team on control effectiveness and operational efficiencies
- Implement and promote the IT GRC framework, policies, standards, IT risk management and GRC tools across DKSH
- Promote and support “center of excellence” for cybersecurity management, continuous improvement and optimization of security solutions and processes
- Support the commissioning or preparation, implementation and validation of cybersecurity policies, standards, procedures and guidelines
- Operate and support the continuous ISO27001 compliance and certification
- Operate and support the design and operation of related compliance monitoring and improvement activities to ensure compliance with ISO27001 practices, internal security policies and applicable laws and regulations
- Support security awareness, training and educational activities by providing suitable guidance to the team and stakeholders
- Operate or commission information security risk assessments, including vendor and client risk assessments, contract reviews, and controls selection activities
- Support the information security incident investigation and management process and post-incident review from an IT GRC standpoint
- Keep abreast of the latest security and privacy legislation, regulations, adversaries, alerts, and vulnerabilities
- Support IT GRC on global data privacy practices
Functional Skills and Knowledge
- Excellent knowledge of IT governance frameworks, practices, policy management, risk management and IT GRC tools
- Knowledge of IT environments, technologies and solutions such as Windows/Linux operating systems, Cloud, AD, DNS, DHCP, IPS, AV, Firewalls, Routers, Switches, VM, etc. will be advantageous
Education
- Bachelor's degree in Computing/Information Technology or equivalent
- Certification as lead auditor for ISO27001, COBIT, ITIL, CISA or equivalent