Manager, IT GRC
StarHub
- Kuala Lumpur
- Permanent
- Full-time
- Identify potential risks and vulnerabilities within IS's operations, processes, IT applications and IT infrastructure.
- Conduct risk assessments to evaluate the impact and likelihood of various risks.
- Develop strategies and plans to mitigate identified risks and minimize their potential impact.
- Stay updated on relevant laws, regulations, and industry standards that impact IS's operations.
- Ensure that IS complies with all applicable regulations, ranging from data privacy and cybersecurity to industry-specific requirements.
- Implement and monitor compliance programs, policies, and procedures.
- Contribute to the creation and maintenance of IT policies and procedures that guide IS's behavior and practices.
- Collaborate with legal and compliance teams to ensure policies align with regulatory requirements.
- Regularly monitor IS's activities and processes to detect deviations from established policies and regulations.
- Conduct internal audits to assess the effectiveness of controls and identify areas for improvement.
- Prepare audit reports and provide recommendations to enhance compliance and risk management efforts.
- Collaborate with internal and external audit teams, providing documentation and evidence as needed to demonstrate compliance and adherence to governance standards.
- Develop and deliver training programs to educate employees about compliance standards, risk management practices, and ethical behavior.
- Foster a culture of compliance by promoting awareness and understanding of IT GRC principles across IS.
- Prepare and distribute regular reports to management and stakeholders summarizing risk assessments, compliance status, and recommendations for improvement.
- Identify opportunities for enhancing governance processes and recommend improvements to reduce risk exposure and enhance operational efficiency.
- Degree in IT or related fields
- 5 to 7 years' experience in IT governance, risk management or compliance in a regulated industry is essential.
- Relevant certifications (e.g., CISA, CRISC, GRCP, GRCA) are an added advantage.
- Experience in the telecommunication/technology industry and the associated regulations is a plus.
- Strong knowledge of regulatory frameworks, industry standards, and best practices related to IT GRC (e.g., PDPA, Cybersecurity Act, NIST, PCI DSS, ISO 27001, COBIT, ISAE 3000/SOC 2).
- An understanding of cloud computing, information security, cybersecurity practices, and data protection principles is highly valuable.
- Exceptional analytical skills and the ability to assess complex risks and provide practical solutions.
- Prior experience with the Archer GRC solution.
- Excellent communication and interpersonal skills to work effectively with cross-functional teams and external stakeholders.
- Detail-oriented with a commitment to maintaining the highest standards of integrity and ethics.
- Strong organizational skills and the ability to prioritize and manage multiple tasks efficiently.
- Adaptability and the capability to stay current with evolving regulations and industry trends.
- Results-oriented, meticulous, and resourceful.
- Excellent team player, self-driven and able to work under pressure.