Job Description

Singapore, Singapore

Company: Singtel Group

Responsibilities:

• Coordinates the continuous development, implementation and updating of security and privacy policies, standards, guidelines, baselines, processes and procedures in compliance with local, state and federal regulations and standards for University information systems.
• Develop and manage the frameworks, processes, tools and consultancy necessary for IT to properly manage risk and to make risk-based decisions related to IT activities.
• Proactive identification and mitigation of IT risks as well as responding to observations identified by third party auditors or examiners while assisting in the development of periodic reports and dashboards presenting the level of controls compliance and current IT risk posture.
• Assist IT managers and staff with the audits and facilitate management response and remediation efforts. Ensure overall IT compliance with regulatory requirements through proactive planning and communication, ownership and relationships.
• Broaden and deepen knowledge of the business and environment of
• IT with respect to the delivery of projects, strategic initiatives and systems
• portfolio to effectively assist IT managers and staff with risk and compliance management.
• Identify acceptable levels of residual risk and assist with action plans, policy and procedural changes for risk mitigation. Provide strategic recommendations to key IT projects to help improve project results, quality of deliverables, risk optimization, security processes and compliance with regulations.
• Manage permanent, temporary and student employees on the IT GRC team. Hire and recommend termination of employees, as necessary. Create formal evaluations and provide informal evaluations of IT GRC employees. Coach, mentor, train and develop IT GRC employees.
• Manage IT GRC Budget. Forecast and develop budget requirements and expenditures.
• Facilitate information systems security management education and training in regulatory and industry standards for all University employees.
• Receives allegations of security incidents and conducts complex investigations; prepares written findings, recommendations and follow up evaluation; and analyzes patterns and trends.
• Coordinates University information security incident response and reporting for events or exploited vulnerabilities including unauthorized system or network access, denial of service, inappropriate data access, data corruption, and/or collection of private or confidential information.
• Acts as ombudsman for disputes, requests for exceptions and complaints regarding University wide information systems security policies, practices and related issues.
• Works as a liaison with local, state and federal authorities requiring information and reports on security incidents to include campus police, FBI or other law enforcement agencies.

• Bachelor's degree or equivalent in Computer Information Systems, Management Information Systems or Computer Science and a minimum of 8 years work experience in the same type of work and 5 years supervisory experience. Prefer Master's Degree or Equivalent.
• Experience in risk, compliance and information security policy development.
• Knowledge and understanding of higher education, governmental agency or corporate/industry information security, governance, risk and compliance practices and standards.
• Knowledge of IT processes and controls and strong understanding of risk and control frameworks such as (CoBIT, ISO, NIST, ITIL, PCI).
• Possess Certified Information Systems Security Professional (CISSP) or other information systems security certifications