Job Purpose
You will manage the technology, information, and cyber risks for Great Eastern Group by assessing, controlling, and monitoring the risks across the group and its subsidiaries, testing the risk controls, and verifying the controls' effectiveness.
- Develop and maintain threat modelling methodology for assessing risks;
- Establish and update the enterprise threat profile and risk posture;
- Conduct threat-based risk assessments of technology and security implementation, changes, and incidents;
- Advise the IT and business stakeholders on technology risk and security requirements;
- Validate and verify technical controls on their fitness and effectiveness in reducing risks;
- Plan and oversee controls testing such as social engineering and red-teaming exercises;
- Articulate the business impact and business risk associated with the technology risks;
- Develop and maintain technology and security risk metrics;
- Measure and monitor key technology risks;
- Manage the monitoring of email and web data loss;
- Keep abreast of the latest in security controls, threat landscape and emerging technologies;
- Take accountability in considering business and regulatory compliance risks and take appropriate steps to mitigate the risks;
- Maintain awareness of industry trends on regulatory compliance, emerging threats and appropriate steps to mitigate the risks; and
- Highlight any potential concerns/risks and proactively share best risk management practices.
- Degree/Diploma in IT, IS, or Computing and/or relevant domains;
- At least 7 years of relevant experience in technology risk management for IT infrastructure and service management, and application development;
- Experience or working knowledge in security and IT service management;
- Experience or working knowledge in security and IT infrastructure technologies;
- Experience or working knowledge in risk monitoring and reporting;
- Experience or working knowledge in controls testing such as social engineering exercises and red-teaming;
- Knowledge in threat modelling;
- Knowledge in industry security practices, frameworks and standards such as ISO27001/2, NIST Cybersecurity Framework, etc.;
- Knowledge in data loss monitoring;
- Analytical and able to identify systemic risk from risk indicators;
- Confident in challenging the stakeholders regarding state of controls;
- Adaptable in a fast-paced, dynamic work environment;
- Demonstrated strong leadership skills;
- Able to lead and collaborate with a team effectively;
- Strong communication and interpersonal skills. Must work well in a team;
- High level of integrity, takes accountability for work and has a good attitude towards teamwork; and
- Takes initiative to improve the current state of things and adapts to embrace new changes.
To all recruitment agencies: Great Eastern does not accept unsolicited agency resumes. Please do not forward resumes to our email or our employees. We will not be responsible for any fees related to unsolicited resumes.