Technology Risk Manager, Risk & Security Management

Job details

Location: Singapore
Job Type: Permanent
Reference: IT/YT/TRMRSM/160618C
Posted: almost 3 years ago
Consultant: Yvonne Tang
Consultant Email: email Yvonne
Consultant Phone:

Job description


This candidate will be a member of the Technology & Cyber Risk team that provides the Cyber risk and security advisory functions to the organization:

  • Provide consultative information security governance, risk, and compliance advisory services for IT/OT systems and services, balancing appropriate security, business goals, and enterprise priorities to achieve collaborative outcomes to challenging business problems/objectives in a secure way

  • Work with IT/OT and business partners to ensure collaborative security control design and implementation in accordance to the security framework

  • Investigate complex, and sometimes historic practices/solutions to determine gaps, identify improvements and facilitate migration to a preferred state with a high degree of independence

  • Assess risk of issues/findings, assign ownership and obtain agreement from finding owner on a remediation plan

  • Develop and maintain comprehensive documentation of engagements performed and risks identified

  • Drive documentation and management of IT/information security issues and exceptions

  • Develop and deliver presentations tailored to different audiences to communicate the need for good information security practices embedded within IT/OT and business functions

  • Maintain and present executive level dashboards for management reporting

  • Review and keep up-to-date IT Policies and Standards, including introduction of new policies as required.



  • Degree or Diploma in Computer-related disciplines

  • Information Security or IT Controls Certification such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) would be an added advantage

  • At least 3 years’ experience that covers the below functions:

    • Experience in Technology Risk assessment and/or security advisory with thorough understanding of IT security best practices and the ability to effectively apply those practices

    • Experience with applying various governance frameworks and standards including ISO 27001/2, PDPA, PCI-DSS and NIST etc.

    • Possess knowledge across various information security technologies/areas in a large enterprise including firewalls, intrusion detection, encryption, Linux O/S, Windows O/S, databases, antivirus, patch management, vulnerability scanning, backup, logging and monitoring, remote access, application development, network security, application security, and change management

    • Conversant and well-versed in recommending efficient IT security controls throughout the SDLC cycle. Understanding security controls within Agile development framework would be an added advantage

    • Proven record of balancing business need/benefit versus security risk.  Direct experience owning a customer or business relationship on behalf of an organization a major plus


EA License no: 16S8066 | Registration no: R1110355

Only successful candidates will be notified.


This job has expired!