IT Risk Assurance Analyst , up to $6,000
Nature of Work
- Supports the functional leadership team to manage IT risks and controls on a timely basis: o drive effective and prioritized risk management processes across each team
- unblock issues and hurdles and raises awareness
- improve effectiveness of local risk forums
- run risk workshops where appropriate
- Coordinate remediation of risk and control gaps, providing and monitoring resolution actions owned by CIO areas (e.g. controls, issues, actions, key indicators)
- Lead and report on Operational Risk and Control Management (ORCM) implementation and risk & control remediation robustly & at pace
- Report and escalate on the status of the relevant risks and controls through established processes
- Drive strategic risk assessment, and reviews of risk management over major change initiatives
- Drive a robust process for risk event reporting and root cause analysis
- Drive actions and enhancement of controls based on lessons learned from Root Cause Analysis
Risks & Controls
- Good understanding of MAS Regulations, ABS, ISO 27001 and PCI DSS.
- Perform Threat Assessments, Control Assessments, Gap Assessments, Risk Assessments and Impact Assessments against Aviva Standards, Regulatory Requirements and Industry standards.
- Operate as an SME and advise mitigation controls by working with control owners.
- Identify, own and manage the specific key risks and/or IT controls and Business Protection standards that you are identified as the owner and/or nominee
- Ensure that issues and actions associated to controls / risks are remediated in a timely manner
- Maintain appropriate records on GRC tool
- Ensure that controls are sufficiently well designed and operating effectively to keep the risks that they mitigate within Aviva's tolerance level
- Report and escalate the status of the relevant risks, controls and standards as appropriate
- Accountable for prioritising own use of time to deliver the workload expected of the role while working within policy and guidelines and applying technical knowledge
- May support a team through delegated tasks including: work scheduling, budget monitoring, coaching and problem solving, induction, training, and helping with recruitment and performance appraisal and development processes
- Accountable for solving problems and dealing with difficulties in line with policy, process and other guidelines applying technical knowledge and expertise
- Depending on the nature of the specific role, problems can range from repetitive daily issues to complex technical problems requiring significant expertise
- Support front line staff by giving advice or by taking on accountability to resolve more complex problems
- Escalate problems according to guidelines
- Accountable for recommending change based on expert know how and analysis of precedent and similar previous problems
- Accountable for supporting planning and delivery of change and for recommending change to the risk mitigations processes and ways of working based on expert know how
- Take personal initiative in adapting to change and may be required to lead change in a team
- Collaborate with stake holders involved in all aspects of risk management, for example:
- Integrated Assurance Implementation teams
- 2nd line Risk and Compliance teams
- Internal Audit
- Aviva Group counterparts
- Day to day engagement with a range of local control owners and nominees involved in all aspects of Risk Management to ensure proactive and timely Risk mitigation
- Work with stakeholders to track and drive completion of objectives and remediation actions within given deadlines.
- Build effective working relationships across relevant teams in external suppliers.
- Play role as Subject Matter Expert in performing Information Security Risk Assessment and Third Party Information Security Assessment.
- Minimum of Diploma (IT and Relevant Disciplines)
- Minimum 4 - 6 years of relevant working experience
- Understanding of MAS TRM regulations and notices
- Understanding of the CIO business, strategy and plans
- Must hold at least one CISSP, CISA, CISM, CRISC or ISO 27001 LA.
Interested applicants, please Email [Click Here to Email Your Resume]
Jane Ng Wei Ling
Recruit Express Pte Ltd
EA Licence No: 99C4599
We regret that only shortlisted candidates will be contacted.
Recruit Express Pte Ltd