Duties & Accountabilities
- Conduct application risk assessments to identify, evaluate, and mitigate cybersecurity and IT risks across systems and platforms.
- Support and manage IT audit activities, including audit planning, execution, remediation tracking, and reporting.
- Develop, implement, and maintain risk management frameworks, policies, and procedures aligned with industry standards.
- Identify potential cybersecurity threats and vulnerabilities, and recommend appropriate risk treatment strategies.
- Collaborate with IT, security, compliance, and business stakeholders to ensure risk controls are effectively implemented.
- Monitor and report on risk indicators, audit findings, and remediation progress to relevant stakeholders.
- Ensure compliance with internal policies, regulatory requirements, and industry standards (e.g., ISO 27001, NIST, COBIT).
- Support project deployment activities by providing risk and control advisory throughout the project lifecycle.
- Participate in risk reviews, governance meetings, and security assessments as required.
Requirements
- Bachelor's degree in Computer Science, Information Security, or a related field.
- Minimum 5 years of hands-on experience in risk management, cybersecurity, IT audit, or a related domain.
- Strong experience in:
  - Application Risk Assessment
  - IT Audit Management
  - Enterprise / IT Risk Management
- Solid understanding of cybersecurity principles, controls, and frameworks.
- Experience working in large enterprise or multinational environments is highly preferred.
- Familiarity with standards and frameworks such as ISO 27001, NIST, COBIT, or similar.
- Strong communication skills with the ability to engage technical and non-technical stakeholders.
- Very good written and verbal communication skills and interpersonal skills, with a focus on end-user value delivery. Fluent in English.