Risk Management
- Develop and implement risk assessment models and frameworks.
- Identify potential threats and vulnerabilities and assess their potential impact on business operations.
- Monitor and report on risk indicators, risk appetite thresholds, and key risk metrics.
- Collaborate with cross-functional teams to develop risk mitigation plans.
Compliance Management
- Ensure MSIL’s compliance with legal, regulatory, and internal policy requirements.
- Conduct regular audits and compliance reviews; report findings and recommend corrective actions.
- Stay up to date on relevant laws, regulations, and best practices (e.g., NIST, CSI, xx).
- Develop, implement, and maintain compliance training programs for employees.
Incident Response & Reporting
- Liaise with the Security Operations Team, IT Team, and IS Governance Team and contribute to investigations of compliance breaches and risk incidents.
- Liaise with Information & Cybersecurity Incident Response Team, perform root-cause analysis, and implement corrective actions.
- Prepare regular risk and compliance reports for executive leadership and the MSIL Board.
Skill Requirements
1. Cybersecurity Fundamentals
2. IT Infrastructure Knowledge
3. Risk Assessment Frameworks & Tools – Proficiency in tools like RSA Archer, ServiceNow GRC, or MetricStream.
4. Data Privacy & Protection – Knowledge of data handling standards like GDPR, HIPAA, and ISO/IEC 27001.
5. Regulatory Frameworks – Deep understanding of SOX, PCI-DSS, NIST, COBIT, and other relevant standards.
6. Audit Management – Ability to conduct internal audits, manage external audits, and respond to findings.
7. Policy Development – Experience in drafting, implementing, and updating IT compliance policies.
8. Problem-Solving and Decision-Making
9. Communication – Clear reporting to stakeholders and translating technical risks into business language.
10. Managing cross-functional teams and training staff on compliance best practices.
- Assertiveness and negotiation skills