IT Risk and Compliance Specialist

This position sits within the Risk Management section of the IT Security Department and reports directly to the IT Risk and Compliance Manager. The role provides support across multiple regions, including Singapore, the US, Cardiff, Switzerland, and the Netherlands.

The IT Risk and Compliance Specialist will play a supporting role in helping the Manager ensure that risks associated with the IB’s information, systems, and applications are effectively managed, mitigated, and controlled. Key responsibilities include assisting in the development, implementation, and maintenance of IT policies and procedures, supporting IT risk assessments, control reviews, and compliance checks to meet audit requirements. And providing administrative and coordination support for risk and compliance activities, including timely follow-up on action items.
 

Information Risk Management

• Support the Manager to identify and evaluate IT risks with their potential impact which include areas such as data protection, project management, security by design framework, data management, network and infrastructure, etc.).

• Assist in monitoring the key risk indicators and tracking of corrective action plan to mitigate the risks.

• Assist the Manager to update the risk related activities with internal stakeholders, ensuring regular reviews and reporting of identified risks.

• Assist in maintaining of IT Security policies, procedures and control assessments in response to identified risks.

• Support the management of IT vendor security risk assessments for both new and existing vendors, ensuring risks are identified and documented.

• Support the Manager in conducting phishing campaigns and awareness exercises.

   

IT Audit and Assurance

• Assist the Manager with updates to the IT Annual Audit Plan.

• Provide coordination and administrative support for IT audits, including collating and organizing required audit evidence.

• Assist in tracking remediation progress for audit findings, ensuring timely updates to the audit tracker.

About You

• Degree in IT, Computer Science, Engineering, Information Security or equivalent.

• Prior working experience in IT, with at least 2 years of experience in Technology Risk Management (including cyber security) or technology audits.

• Demonstrated hands-on experience in identifying, assessing, treating, monitoring, reporting and advising on technology risk management.

• Good working knowledge of security risk management and security governance methodologies, industry security standards such as ISO27001/2, CIS Critical Controls, NIST Cybersecurity Framework, risk management tools, technical vulnerability management, security technologies and trends and security operations.

• Good working knowledge of privacy and data protection laws and regulations (GDPR, PCI-DSS).

• Good organizational, problem solving, interpersonal and operating skills.

• A current, recognized, professional security management certification (e.g., CRISC, CISA, CISM, CISSP) is desired.

• Good communication skills (both written and oral), able to work both independently and in a team-oriented collaborative environment.