IT Security and Risk Manager for an Insurance Company

Responsibilities

  1. Create, implement and maintain policies, standards and guidelines covering IT Risk & Security Management (particularly technology risks and information security risks);
  2. Provide oversight of policies such as the Technology Risk Framework, Key Risk Indicators, Security Operations, Audit Tracking, etc.;
  3. Identify risks proactively and perform risk assessments;
  4. Be responsible for IT Disaster Recovery and IT Business Continuity Planning (IT-BCP);
  5. Perform fire-calls for Data Intervention requests;
  6. Review Information Classification deviations and put up recommendations to user departments;
  7. Conduct regular reviews of access control and sanctions;
  8. Ensure all quality processes, such as CAPA (Corrective Action and Preventive Action), continue to operate effectively;
  9. Lead all IT audit activities, including external (i.e. vendor) and internal assessments, as well as all customer-related, regulatory and regional-governance audits;
  10. Work closely and liaise with internal IT auditors and regulators on IT security compliance and reporting;
  11. Perform IT Security Incident Management and Event Log Management;
  12. Be responsible for Penetration and Vulnerability Assessment: perform Vulnerability & Threat Management reviews and supervise Penetration Testing as required;
  13. Drive all IT Security-related programmes and projects;
  14. Initiate, facilitate and promote ongoing education activities to create IT security and incident response awareness among all staff;
  15. Coordinate project plans for IT Security-related activities; monitor, track and escalate as required;
  16. Work closely with information system owners and technical staff to secure information and mitigate risks;
  17. Any other tasks as assigned by the Head of Department.

Requirements

  1. Degree/Diploma in Computer Science or Information Technology; specialization in IT Security preferred;
  2. At least 5 to 10 years of relevant experience, with at least 2 years leading a team;
  3. Knowledge of the insurance industry preferred;
  4. Familiarity and hands-on experience in implementing MAS regulatory guidelines (e.g. MAS TRM Notice & Guidelines, Outsourcing Guidelines, etc.);
  5. Familiarity with core platforms (AS/400, Wintel, storage, network, databases) and security technologies preferred;
  6. Experience in vendor evaluation, validation and assessment advantageous;
  7. Familiarity with Data Centre operations and Disaster Recovery advantageous;
  8. CISSP, SSCP, CISM or CISA certification advantageous;
  9. Highly driven and independent;
  10. Excellent analytical, written and communication skills required;
  11. Proven track record of developing good working relationships.