IT Compliance Specialist

Marina Bay Sands Pte Ltd

Date Posted: 10-Oct-2017

Job Description

Job Responsibilities

  • Develop, refine and implement information security policies, standards, procedures, checklists, and guidelines to meet the compliance and regulatory requirements
  • Review and update policies on a yearly / quarterly basis
  • Coordinate and support IT compliance activities across technology and business projects
  • Develop and manage IT risk and security for multiple IT functional areas (e.g., applications, systems, network) across the organization
  • Execute procedures and controls to assure compliance with applicable regulatory and legal requirements as well as good business practices
  • Lead and execute formal risk analysis and compliance self-assessments for various IT systems and processes, and ensure assessments are completed in a timely manner
  • Analyze delivery and operation processes and requirements to determine conformance to security policies and procedures
  • Identify tasks and controls necessary to remediate identified risks and vulnerabilities; negotiate dates for remediation to be completed
  • Support and track technology delivery and operation teams on remediation of new and outstanding issues
  • Identify, document, and assess information security vulnerabilities and risks in the information technology environment and identify systems affected
  • Inform stakeholders about compliance and security-related issues and activities affecting the assigned area or project
  • Support all IT aspects of external / internal reviews and audits (e.g., SOX, PCI)
  • Work with the delivery team in the preparation of incident reporting
  • Work with Audit to ensure proper risk management and audit compliance
  • Develop and deliver IT risk & security awareness and compliance training programs
  • Provide risk and security briefings to advise on critical issues that may affect the business
  • Stay knowledgeable of current advances in all areas of information technology concerning vulnerabilities, security breaches or malicious attacks

 

Job Requirements:

  • At least 4 - 5 years of combined IT and security work experience with a broad range of exposure to systems analysis, application development, and systems administration
  • Ability to work well with key business partners across sectors and internal IT teams in a collaborative manner
  • Strong communication skills to be able to interact with technical and non-technical colleagues
  • Strong interest in IT risk management and in keeping abreast of the dynamic threat landscape
  • Up-to-date understanding of industry best practices
  • Working knowledge of security issues, techniques and implications across computer platforms
  • Familiarity with one or more of the following areas: application security, OS security, database security, networking, mobile device security, cloud technologies, payment card, and web technologies
  • Working knowledge of SDLC, Change Control, and SQA methodologies, techniques, and general principles
  • Working knowledge of performing risk assessments
  • Knowledge of the following standards / regulatory directives: ISO 27001, SOC1, SOC2, PCI DSS, Sarbanes-Oxley, PDPA, OWASP
  • Knowledge and experience in mapping 3rd party vendor procedures against SOX controls
  • ASQ Certified Quality Auditor (CQA) or Certified Software Quality Engineer (CSQE) desirable

Company Overview

Marina Bay Sands Pte Ltd