IT Compliance & Governance Specialist
Marina Bay Sands Pte Ltd | Date Posted: 23-Jun-2019
'N' Levels / 'O' Levels, ITE/ NITEC/ Higher NITEC, 'A' Levels, Diploma, Bachelor's / Honours, Masters / PhD
- Develop, refine and implement information security policies, standards, procedures, checklists, and guidelines to meet the compliance and regulatory requirements
- Review and update policies on yearly / quarterly basis
- Coordinate and support IT compliance activities across technology and business projects
- Develop and manage IT risk and security for multiple IT functional areas (e.g., applications, systems, and network) across the organization.
- Execute procedures and controls to assure compliance with applicable regulatory and legal requirements as well as good business practices
- Lead and execute formal risk analyses and compliance self-assessments for various IT systems and processes, and ensure assessments are completed on time
- Analyse delivery and operation processes and requirements to determine conformance to security policies and procedures
- Identify tasks and controls necessary to remediate identified risks and vulnerabilities; negotiate dates for remediation to be completed
- Support and track technology delivery and operation teams on remediation of new and outstanding issues
- Identify, document, and assess information security vulnerabilities and risks in the information technology environment and identify systems affected
- Inform stakeholders about compliance and security-related issues and activities affecting the assigned area or project
- Support all IT aspects of external / internal reviews and audits (e.g., SOX, PCI)
- Work with the delivery team in the preparation of incident reports
- Work with Audit to ensure proper risk management and audit compliance
- Develop and deliver IT risk & security awareness and compliance training programs
- Provide risk and security briefings to advise on critical issues that may affect the business
- Stay knowledgeable of current advances in all areas of information technology concerning vulnerabilities, security breaches or malicious attacks
- At least 4 - 5 years of combined IT and security work experience with a broad range of exposure to systems analysis, application development, systems administration
- Ability to work well with key business partners across sectors and internal IT teams in a collaborative manner
- Strong communications skills to be able to interact with technical and non-technical colleagues
- Strong interest in IT risk management and in keeping abreast of the dynamic threat landscape
- Maintain an up-to-date understanding of industry best practices
- Working knowledge of security issues, techniques and implications across computer platforms.
- Familiarity with one or more of the following areas: application security, OS security, database security, networking, mobile device security, cloud technologies, payment card, and web technologies
- Working knowledge of SDLC, Change Control, and SQA methodologies, techniques, and general principles
- Working knowledge in performing risk assessments
- Knowledge in the following standards / regulatory directives: ISO 27001, SOC1, SOC2, PCI DSS, Sarbanes-Oxley, PDPA, OWASP
- Knowledge and experience in mapping third-party vendor procedures against SOX controls
- ASQ Certified Quality Auditor (CQA) or Certified Software Quality Engineer (CSQE) desirable