Job Purpose
We are looking for a QRM (Quality and Risk Management) Manager for the Enterprise IT team. The role of the QRM manager is to:
1. Manage and monitor the Annual System Review (ASR) exercise across SMRT group for all systems, including the definition of system criticality and of control measures including user access controls, and work with system custodians and system owners to guide them in performing periodic assessments. As such, the candidate should be proficient in IT controls relevant to system availability, confidentiality and integrity.
2. Perform quality and risk management on Enterprise IT contracts, such as ensuring project teams review the Post Implementation Review (PIR), reviewing these PIRs and sharing learnings with the team.
3. Engage with Internal & External audit, help to clarify artefacts and controls. Summarise and share learnings across IT teams.
4. Review and propose IT General controls and ensure the IT Policies, SOPs and work instructions from each team are sufficiently documented. Carry out reviews of these documents and provide value add. Support teams that require help to perform process reviews with the objective of improving controls.
5. Manage and coordinate the ISO 5-in-1 Management Systems activities for Enterprise IT (ISO9K, ISO14K, ISO45K, ISO55K, ISO22301)
Responsibilities
Quality & Risk Management
Responsible for planning, coordinating, and collaborating with other cross-functional team members and providing required deliverables related to ASR activities.
o Engage with System Owners to explain importance and rationale
o Manage and coordinate the quarterly system and user access review
o Trigger and coordinate the quarterly system and user access review exercise
o Monitor the status of UAR (User Access Review) completion
o Follow up with application primary support on potential slippage and risk mitigation plans
o Review submissions for consistency and compliance with the definition.
Review and manage the list of IT Systems Inventory so as to get project teams to plan and re-evaluate strategies around tech-refresh, replace, renewal, upgrade or decommission etc. Present at management forums to get support and drive actions.
o Ensure that the application system inventory is updated
Conduct the annual IT Risk scoping and risk assessment exercise to ensure appropriate IT general controls and applicable in-scope systems.
o Risk assessment and maintenance of Enterprise IT risk register
o Conduct risk assessment across various teams within Enterprise IT
o Review and update of Enterprise IT risk register
IT Governance
Maintenance of Enterprise IT QRM policy and SOP documents
o Manage policies, procedures and frameworks
o Trigger the annual review of policies and SOPs
o Work with the respective Process Owners on the policies and SOPs, ensuring that they are updated
o Monitor the status and publish the approved policies and SOPs in Intranet (KM)
o Maintain the document control list of policies and SOPs
Conduct internal quality review/audit on projects and processes to ensure compliance to approved policies and procedures
o Manage and conduct Root Cause Analysis (RCA) for P1 and P2 incidents
o Provide training/briefing to all Enterprise IT staff and continually raise the level of governance awareness through knowledge sharing and journals/articles
Audit facilitation, including validation, for internal and external audits
o Facilitate external / internal audits and advisories from start to end
o Follow up on the responses to audit findings, e.g. Financial audit, IT audit, ISO audits
o Monitor and update status of audit follow-up action items
Facilitate the annual Control Self-Assessment (CSA)
o Ensure process owners review and update the CSA checklists
o Roll out the CSA checklists to staff to complete the self-assessment
o Collate the results for reporting to Internal Audit
Support projects/systems on quality and risk management matters
o Review of project and system related documents
o Provide advisory to projects and systems support teams
Manage and coordinate the ISO 5-in-1 Management Systems activities for Enterprise IT (ISO9K, ISO14K, ISO45K, ISO55K, ISO22301)
o Attend ISO training/briefing conducted by Safety and Security
o Keep ISO-related documents up to date
Qualifications & Work Experience