Job Responsibilities:
This role provides independent cloud assurance inputs that inform the overall cloud cyber risk opinion issued by the Head, Cloud & Third‑Party Cyber Risk, supporting governance reporting and regulatory interaction.
Continuous Cloud Assurance
- Perform independent assessments of cloud security posture across production environments.
- Validate control effectiveness against approved standards and baseline configurations.
- The role may leverage outputs from cloud security, risk, or GRC platforms in performing assurance activities but does not own, configure, or administer such tools.
Cloud Risk Monitoring & Trend Analysis
- Collect, validate, and analyse cloud risk metrics and assurance results.
- Identify recurring control weaknesses, emerging risks, and systemic issues.
Assurance Reporting & Governance Support
- Provide assurance inputs for senior management, Board, and Committee reporting.
- Coordinate with the Cloud Project Risk Advisory function to assess whether material design‑stage risks have manifested post‑deployment.
- Support audits, regulatory reviews, and thematic inspections relating to cloud risk.
Remediation Validation & Closure Tracking
- Independently validate remediation actions taken by first-line teams.
- Track closure of material assurance findings.
Second‑Line Assurance Independence & Scope Boundaries
- Perform independent assurance and validation of cloud security controls without designing, implementing, operating, or remediating such controls.
- Leverage assurance evidence and tooling outputs without owning or administering cloud security or risk management platforms.
Job Requirements:
- Bachelor's Degree in Cybersecurity, Information Technology, Computer Science, Risk Management, or related discipline.
- Master's Degree or postgraduate qualification in Information Security, Technology Risk, or Enterprise Risk Management.
- Experience in cloud security operations, cyber assurance, technology risk, or IT audit.
- Any of the following certifications is a plus (but not mandatory): CISM, CISSP, CCSP, CCSK, or vendor-specific security certifications such as AWS Certified Security Specialty, SC-100 Microsoft Cybersecurity Architect or equivalent, CRISC, CISA.
- Hands‑on experience assessing production cloud environments and control effectiveness.
- Experience supporting audits, regulatory reviews, or supervisory examinations.
- Strong knowledge of international standards (NIST, ISO 27001, CIS) and regional regulatory requirements (e.g., BNM RMIT, MAS).
- Deep expertise in cloud security architecture, concentration risk, and systemic third-party risk.
- Proven ability to work cross-functionally with stakeholders across risk, procurement, legal and business functions.
- Experience designing and scaling cloud risk assessment methodologies.
- Strong executive communication skills, including Board and regulator engagement.
- Familiarity with GRC and Cyber Risk Management platforms.