IT GRC Analyst

You are as unique as your background, experience and point of view. Here, you’ll be encouraged, empowered and challenged to be your best self. You'll work with dynamic colleagues - experts in their fields - who are eager to share their knowledge with you. Your leaders will inspire and help you reach your potential and soar to new heights. Every day, you'll have new and exciting opportunities to make life brighter for our Clients - who are at the heart of everything we do. Discover how you can make a difference in the lives of individuals, families and communities around the world.

Job Description:

Accountability

SLFs’ Risk Management framework sets out the over-arching framework for the management of risk across the enterprise. This role requires the implementation & embedding the program within Hong Kong in close alignment with Asia IT GRC team, Corporate Risk & Corporate Audit teams. Key component of the Operational Risk Management Framework includes working with Technology leaders (CIO, CTO etc.) to identify and assess the top inherent risks and the associated internal controls to help understand the residual risk exposure within the business.The role includes monitoring & independent testing of the day to day operating controls, escalating issues / Operational Risk Events & closely monitoring them.

• Developing, reviewing, approving and periodically refreshing HK IT operating guidelines stemming from corporate, regional & local requirements.
• Develop a risk strategy that identifies and classifies risks, measures risk levels using the CMMI Cyber Maturity / NIST CSF Framework.
• Identify, assess, manage, and track remediation of risks related to IT infrastructure, applications, platforms and suppliers and drive explicit requirements.
• Understanding of vulnerability management, penetration testing and security posture assessment programs.
• Embed control framework / Quality Management Systems to align with enterprise policy, directive and practices within in Hong Kong with up-to-date process flow documents.
• Draw up the HK IT Governance Plan for each year and drive adherence to it.
• Drive controls & compliance agenda for significant projects, initiatives & third-party relationships.
• Manage the risks associated with a significant business disruption by establishing & governing a comprehensive Business Continuity Management Program.
• Risk Assessment & response to the economic & business model and plan for new ventures, products and services.
• Collaborate with the Design and Product leads, as well as clients, to define a minimum viable business build (or product / service) compliant to SLF standards.

Eligibility & Functional Competencies

• Bachelor's Degree in CS/E&C/IT Engineering or MCA / MBA from Tie 1 institution with 4-8 years of experience in strategy development, business planning and future visioning in IT.
• IRM (https://www.theirm.org/) Level-1 or Level-2 certified.
• Exposure to innovation techniques/methodologies including design thinking, rapid prototyping & incubation, IP generation & protection, process innovation, etc.
• Assess technology that is new to the company such as cloud computing, mobile technology and high-performance computing programs, and their related support models.
• Exposure to recognized IT audit / security standards / practices (CISA, CIA, CISM, CISSP) designation (a plus).
• Fair understanding of concepts around COSO, COBIT, NIST, CSA, CRISC.
• Knowledge and skills in project management, project planning, budgets and methodologies.
• Maybe part of the delivery / governance team of large transformational engineering project.

Competencies (Behavioral)

• Proven relationship management skills including a demonstrated ability to deal effectively with staff of all levels including very senior functional Leaders.
• Perform the task to consistently deliver on time, high-quality reports and analytics to the various Enterprise Risk Committees, Board of Directors, and regulators.
• Multitasking and the ability to operate effectively under pressure.
• Strong written and verbal communication skills
• Excellent planning and organization skills and the ability to deal with complex issues.
• Experience working in a client-facing, matrix, project-based assignments; typically gained through prior audit, advisory, consulting, or accounting experience in a "Big Four" firm or other large organization.

Job Category:

Posting End Date: