IT Security GRC - Risk & Compliance (Technology)  

Risk Assessment:

• Conduct security risk assessment and cyber risk assessment and consolidation with other teams to ensure risks are identified, controls are in place (doable and measurable), if there is no control in place can identify mitigation action or remediation action
• Tracking and monitor remediation action to ensure all can be achieved within agreed timeline
• Discuss and liaise with risk owner to provide understanding and to gain commitment for risk mitigation / risk remediation action
• Perform maturity assessment periodically and articulating the results to relevant teams as part of continuous improvement
• Propose relevant security controls as part of risk mitigation covering prevention, detection, and corrective
• Continuously provide feedback related with security risk to other teams
• Monitor and track all third party including their risk assessment result and status of the remediation action
• Assist other team in reviewing whether user access matrix developed has fulfilled the requirement on segregation of duties and least privilege principle
• Ensure all Nakama already have sufficient security risk awareness
• Deliver and manage all security risk awareness program and activity

Compliance:

• Review new regulations issued by our government (regulators), especially related to information security and prepare gap analysis, identifying action to be taken to comply with the requirement
• Ensure the applied standards or held certifications (e.g. ISO 27001, PCI DSS) are well maintained
• Act as an audit support manager for every audit event or consultation event related with security, starting from obtaining evidence, provide answer and guidance to auditors / consultants, and became single point of contact / liaison with other teams (Tech and outside of Tech).

• 2+ years in IT Risk or IT Compliance, preferably within IT Security aspects
• Has risk and compliance sense, able to identify risk and the related controls, able to articulate it well to people with no risk / compliance bakground
• Familiar with regulation gap analysis process
• Has a willingness to learn and a good team player
• Have global certification on IT Risk / IT Audit is a plus point