Connecting...

Job Details

Location
Singapore
Salary
SGD8000 - SGD12000 per month
Job Type
Permanent
Ref
BH-167031
Contact
Angela Poh
Posted
almost 3 years ago
IT Audit Management
  • Define the IT compliance risk universe and develop the annual IT risk and compliance management work plan, compliance programmes/ IT security audit checklists to assess the design and operating effectiveness of internal controls in mitigating IT risks.
  • Conduct annual IT policy compliance (e.g. MOH’s HealthTech Instruction Manuals, CSA Cybersecurity Code of Practice (CCOP)), Company localized IT security-related policies), process compliance reviews, technical compliance audits/ reviews on critical systems and infrastructure and report the findings to the management team and IT Risk Committee.
  • Manage  interactions with internal stakeholders, including briefings, conduct compliance checks, management responses and follow-up actions and on-target execution of the annual IT risk and compliance work plan
  • Review IT findings/issues (e.g. non compliances or partial compliances) arising from the compliance reviews, assess Company's overall state of ICT governance and risks and formulate mitigation plans to address the gaps and to improve overall state of ICT governance and risks. Monitor and validate IT findings and follow up actions, to ensure control remediation is effective and root causes have been addressed and timely closure of IT issues
  • Work closely with internal and external auditors to avoid duplication of audit and compliance efforts and consolidate common IT audit and compliance findings for sharing with internal stakeholders to ensure alignment and compliance. 
  • Lead and guide the institutions’ IT Compliance Teams and ensure alignment of practices
  • Assist to communicate common IT issues and findings to stakeholders to ensure alignment and compliance
     
IT Risks and Compliance Management
  • Review and explore policies and practices in the market and introduce appropriate best practices to Company and our institutions to strengthen IT risks and compliance within Company.
  • Alignment of partners and collaborators policies with essential Company
  • Recommend compliance and audit response and support risk assessment
  • Implement an IT risk and compliance management programme for institutions.
  • Ensure the alignment and compliance with MOH Healthtech Instruction Manual (HIM) policies and CSA Cybersecurity Code of Practice (CCOP).
  • Work closely with all internal and external stakeholders/partners to identify risks to IT systems and operations.
  • Implement and maintain the risk register to document IT system and operational risks.
  • Identify and escalate high, significant and systematic risks for IT systems and operations to IT management for risk treatment and report to IT Risk Committee for oversight.
  • Develop training programme to improve the IT compliance knowledge and competencies for internal stakeholders.
  • Actively participate in the development of MOH HIM policies.
  • Develop and implement the plans to rollout MOH HIM policies.
  • Communicate changes and implications of changes for MOH HIM policies.
  • Develop and implement localized IT security-related policies, processes and procedures pertaining to IT project delivery, IT security, Cloud security and third-party management.
  • Monitor and review new and ongoing IT projects to ensure compliance to governance, institutionalized processes, and application standards to procedures
  • Support IT Risk Management through IRMC and FAC plans and action items
Requirements:
  • Bachelor degree qualification from a recognized university. Bachelor Degree in a Information Technology related discipline
  • At least 15 years of IT infrastructure and networks technical experience with strong grasp on IT Fundamentals including 10 years in a IT security related role
  • Certified Information Systems Auditor (CISA) certification is required
  • Certified Information Systems Security Profession certification would be an advantage
  • Good knowledge of Cybersecurity risks and risk treatment would be an advantage
  • Candidates who does not have the recommended security experience and certification may apply if he/she has very strong and solid technical knowledge/experience
  • Good interpersonal & communications skills and ability to manage stakeholders from diverse backgrounds at various levels of seniority.
  • Macro in perspectives and meticulous in implementation.

Interested candidates please send your updated CV in MS Word format to Connie Ng at connie@connect-ebc.com
 
EA Personnel No. R1875181
EBC Connect Pte Ltd
License No. 17C8975