Job Description

Reporting to the Lead IT Consultant (IT Governance) and supporting the Communications & Information Technology Division in Compus\xe2\x80\x99s IT Governance, Risk & Compliance (GRC), IT Disaster Recovery and Business Continuity and new Data Governance initiatives. The duties of the successful incumbent include the following: Responsibilities

• Work on standards and framework, and to drive the implementation and organizational awareness to support IT Governance, Risk & Compliance (GRC) objectives
• Support initiatives to assess the adequacy and effectiveness of IT controls and policies, and direct remediation activities to ensure that compliance gaps are successfully addressed
• Manage and ensure IT policies and procedures up to date across the organization, working with the appropriate stakeholders
• Jointly monitor, track and review with Cyber Security team and other IT teams on all risk findings and assessments of IT initiatives.
• Develop, maintain, review and report on the IT Risk Register. Schedule and participate in periodic risk self-assessments and track remediation action plans.
• Front auditors, both internal and external, for audits directed at the IT Division or at business divisions where IT involvement is required.
• Detailed reporting on security risk issues and treatment plans to SIT management or statutory reporting to MOE
• Work on new policies and standards for new Data Governance initiatives covering data security classification, handling, storage, retention and disposal
• Drive continuous improvement based on expert knowledge in domain areas, industry best practices, established market standards and certifications, and business objectives

• Bachelor\xe2\x80\x99s degree in information Technology or Computer Science or related fields
• Minimum 2 years\xe2\x80\x99 experience in IT governance, audits and risk management or in cybersecurity areas.
• Experience in ISO27001 compliance efforts and certification experience is highly desirable
• Good knowledge and experience with standards and frameworks like NIST, ISO27001, MTCS, and Personal Data Protection Act (PDPA) is a plus
• Possess excellent written and oral communication skills with the ability to present ideas and results to all levels of staff, including C-Level and Board executives