Role Overview
The Senior Risk Management Specialist is responsible for hands-on execution of IT and cyber risk activities. The role works closely with IT, Security, Audit, and business stakeholders to identify, assess, and manage technology risks in line with group standards.
This is an individual contributor role. The position does not involve people management and requires strong independence and ownership.
Key Responsibilities
- Perform IT, cyber, and application risk assessments
- Identify, assess, and document technology and security risks
- Maintain and update risk registers, risk ratings, and mitigation plans
- Support IT audit activities, including audit preparation, response, and remediation tracking
- Review effectiveness of IT and application controls
- Coordinate with IT, Security, Internal Audit, and business stakeholders
- Prepare risk reports, dashboards, and management presentations
- Support risk reviews, workshops, and governance forums
- Ensure alignment with group risk policies, standards, and frameworks
- Participate in incident analysis and post-event reviews when required
Key Competencies
- Strong experience in IT Risk Management, Cyber Risk, or GRC
- Hands-on exposure to application risk assessment and IT controls
- Good understanding of IT audit processes
- Strong stakeholder management, communication, and coordination skills
- Able to translate technical risks into business-impact language
- Comfortable working independently and managing multiple priorities
- Structured, analytical, and detail-oriented
- Able to work under pressure in a regional environment
Requirements
- Bachelor's Degree in Information Technology, Cyber Security, Risk Management, Computer Science, Engineering, or related discipline
- At least 5 years of hands-on experience in IT Risk Management, Cyber Security Risk, Application Risk Assessment, or IT Audit / Technology Controls
- Experience working in Big 4, MNC, or regional APAC environments is preferred
- Familiarity with ISO 27001, ISO 31000, NIST, and COBIT frameworks
- Exposure to GRC tools or structured risk platforms is an advantage
- Professional certifications are a big plus, including CISA, CRISC, CISSP (risk or governance focus), ISO 27001 Lead Implementer or Lead Auditor, and CIA
- Excellent communicator in English with strong interpersonal skills