IT & IS Risk Manager (PH/SG/SH)

Manila, Philippines
Posted on Thursday, March 30, 2023
Join the leading Crypto Brand in the Philippines!
Who we are
We are one of the earliest and largest crypto platforms in Southeast Asia offering exchange and wallet services to our users. Our product lineup also includes electronic payment service and e-wallet. Through our wallet, users can send money to anyone, pay for bills, shop online at over 100,000 merchants, receive money transfers from 200+ countries even without a bank account, and of course view and purchase cryptocurrencies.

What you'll do

  • Develops and/or reviews IT / IS risk management framework, policies and protocols.
  • Perform and monitor risk assessments exercises, which comprise analyzing, identifying, measuring, and mitigating risks that impact all key business processes and systems.
  • Coordinate and execute IT /IS risk assessments and reviews, providing risk-based recommendation.
  • Prepare risk management and business contingency plans to develop a business continuity plan that will help to decrease risk factors.
  • Develop and maintain good communication channels with other risk partners, such as Operational Risk Management, Outsourcing Risk Management, etc.
  • Creates and presents IT / IS risk reports and proposals to the Head of Risk Management and Head of GRC, executive leadership, and senior staff.
  • Oversees and reviews the insurance policies of the company related to IT / IS.
  • Help raise risk awareness, provide education and training to employees inside the organization.
  • Create and maintain an external network with other senior IT risk managers, and relevant risk forums.
  • Maintain awareness of changes in IT industry standards, best practices, and risk landscape to maintain professional competence

What we expect from you

  • Must have analytical capabilities to analyze and detect prospective risks and vulnerabilities
  • Must have excellent written and verbal communication skills with other IT risk management professionals to properly appreciate the company’s key risks and create effective risk management solutions
  • Must have a thorough understanding of IT systems, networks and infrastructure components and a working knowledge of numerous computer programming languages
  • Must possess leadership abilities to motivate and manage their teams. If a threat happens, offer employees support, make suggestions, and manage the potential risk
  • Able to solve technical problems analytically and successfully manage information collection, analysis, reports, and other tasks. The IT Risk Manager must have outstanding problem-solving skills
  • Must be familiar with applicable banking regulations

Required Qualification

  • Bachelor’s degree in Accountancy /Finance/ Computer Science/ Information Systems or related field
  • Over 5 years work experience in IT risk management, compliance, audit or other relevant experience (e.g., IT Governance/ Information Security/ IT Compliance)
  • Experience with non-IT process reviews and/or integrated audits with data analytics application
  • Strong working knowledge on the following IT-related processes: a) IT General Controls; b) Cyber/ Information Security and Data Privacy; c) IT Operations; d) IT Governance and risk management process; e) Business Continuity Management; f) Systems Development Life Cycle; g) Change Management; h) IT Application Controls
  • Familiarity with IT control frameworks and standards such as COBIT, ITIL, NIST-CSF, and ISO 27001
  • Demonstrated success in identifying IT and security risks in complex technology environment and providing recommendations on controls/processes to mitigate the risks.
  • Well-developed organization and project management skills with proven ability to effectively manage time, prioritize, and handle multiple concurrent tasks
  • Good written and verbal communication skills, ability to communicate from process owners to senior management

Preferred Qualifications

  • With professional certification in IT audit, IT risk and governance, and information security (e.g. CRM/ISO 31000/CISA/ CISSP/ COBIT5/ ISO 27001 Lead Auditor/ CRISC)
  • Experience in performing reviews or audits of AWS cloud security- and operations-related services.
  • Familiarity with CI/CD process and related tools
  • Familiarity with AWS Elastic Kubernetes Services and related integrations to AWS
  • Working knowledge of SOC1, SOC2 and/or data privacy reviews
  • Experience in development, integration, and application of data analytics in audit methodology