IT Risk Management Intern

Position Title

Governance Executive – Information Security

Department

Information Security / IT Governance / Risk Advisory

Role Purpose

To support the organization's Information Security Governance initiatives, ensuring alignment with regulatory requirements including BNM Risk Management in Technology (RMiT), and internal security policies. The role is responsible for performing information security assessments, monitoring compliance posture, and supporting governance-related activities.

Key Responsibilities

1. Regulatory & Security Governance

• Support governance initiatives in line with BNM Risk Management in Technology (RMiT) requirements.
• Assist in maintaining and reviewing Information Security policies, standards, and procedures.
• Track regulatory updates and support gap assessments against regulatory requirements.
• Prepare governance reports and status updates for management.

2. Information Security Assessment

• Perform Information Security Assessments on internal systems, applications, and third-party vendors.
• Conduct risk-based security reviews and document findings.
• Identify security gaps and recommend remediation actions.
• Follow up on remediation activities to ensure timely closure.

3. Risk & Control Management

• Assist in performing security risk assessments and maintaining risk registers.
• Monitor compliance to internal security controls and standards.
• Support control testing and evidence validation activities.
• Participate in security audit preparation and remediation tracking.

4. Third-Party & Vendor Security Governance

• Perform security due diligence assessments for vendors and partners.
• Review vendor security documentation and risk posture.
• Support onboarding and periodic reassessment of third-party vendors.

5. Governance Documentation & Reporting

• Maintain governance documentation including policies, procedures, and assessment reports.
• Prepare dashboards and reports for internal stakeholders.
• Ensure proper record keeping of assessment evidence and audit artifacts.

Key Requirements

Education

• Bachelor's Degree in:
• Information Security
• Cybersecurity
• Information Technology
• Computer Science
• Or related discipline

Experience

• 1–3 years of experience in:
• Information Security Governance
• IT Risk & Security Governance
• Information Security Assessment
• IT Audit or Security Governance

(Fresh graduates with relevant internship exposure may also be considered.)

Technical Knowledge & Skills

Must have:

• Knowledge of BNM Risk Management in Technology (RMiT)
• Understanding of:
• Information Security Governance
• Risk Assessment methodologies
• Security control frameworks
• Information Security Assessment processes
• Familiarity with:
• Third-party risk assessment
• Security policies and standards
• Audit and compliance processes
• Strong documentation and reporting skills.

Good to have:

• Familiarity with:
• ISO/IEC 27001 Information Security Management System
• NIST Cybersecurity Framework
• Experience supporting IT or security audits.
• Basic knowledge of cybersecurity controls.

Soft Skills

• Strong analytical and problem-solving skills
• Good communication and stakeholder management skills
• Attention to detail
• Ability to manage multiple tasks and deadlines
• Good documentation discipline