
Technology Risk Manager, Risk and Security Management

This candidate will be a member of the Technology & Cyber Risk team that provides the Cyber risk and security advisory functions to the organization:
• Provide consultative information security governance, risk, and compliance advisory services for IT/OT systems and services, balancing appropriate security, business goals, and enterprise priorities to achieve collaborative outcomes to challenging business problems/objectives in a secure way
˗ Work with IT/OT and business partners to ensure collaborative security control design and implementation in accordance with the security framework
˗ Investigate complex and sometimes historic practices/solutions to determine gaps, identify improvements and facilitate migration to a preferred state with a high degree of independence
˗ Assess risk of issues/findings, assign ownership and obtain agreement from finding owner on a remediation plan
˗ Develop and maintain comprehensive documentation of engagements performed and risks identified
˗ Drive documentation and management of IT/information security issues and exceptions
• Develop and deliver presentations tailored to different audiences to communicate the need for good information security practices embedded within IT/OT and business functions
• Maintain and present executive level dashboards for management reporting
• Review and keep up-to-date IT Policies and Standards, including introduction of new policies as required.

• Degree or Diploma in Computer-related disciplines
• Information Security or IT Controls Certification such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) would be an added advantage
• At least 3 years’ experience that covers the below functions:
˗ Experience in Technology Risk assessment and/or security advisory with thorough understanding of IT security best practices and the ability to effectively apply those practices
˗ Experience with applying various governance frameworks and standards including ISO 27001/2, PDPA, PCI-DSS and NIST etc.
˗ Possess knowledge across various information security technologies/areas in a large enterprise including firewalls, intrusion detection, encryption, Linux O/S, Windows O/S, databases, antivirus, patch management, vulnerability scanning, backup, logging and monitoring, remote access, application development, network security, application security, and change management
˗ Conversant and well-versed in recommending efficient IT security controls throughout the SDLC cycle. Understanding security controls within an Agile development framework would be an added advantage
˗ Proven record of balancing business need/benefit versus security risk. Direct experience owning a customer or business relationship on behalf of an organization is a major plus

EA License no: 16S8066 | Registration no: R1110355
To apply, please email your CV to If you would like further information, please contact Yvonne Tang on +65 6435 5602 quoting IT/YT/TRMRSM/160618C

Contents © copyright 2012 Charterhouse. All rights reserved.