Manager, IT GRC

Date: 23 Apr 2024

Kuala Lumpur

Company: StarHub Ltd

Job Description

In this position, the applicant will join the IT Governance & Vendor Management team to perform IT governance, risk management and compliance functions. The role reports into the Head, IT Governance & Vendor Management within the Information Services division (IS). 


As an IT Governance, Risk & Compliance (GRC) Manager, you will play a pivotal role in ensuring the organization's adherence to regulatory and internal policies, managing risk, and maintaining a robust governance framework. Your responsibilities will involve assessing and mitigating risks, monitoring compliance with applicable laws and regulations, and assisting in the development of strategies to enhance governance practices. The role provides the opportunity for direct interaction with senior management in business, IT, and vendors.


Risk Assessment and Management

  • Identify potential risks and vulnerabilities within IS's operations, processes, IT applications and IT infrastructure.
  • Conduct risk assessments to evaluate the impact and likelihood of various risks.
  • Develop strategies and plans to mitigate identified risks and minimize their potential impact.


Regulatory Compliance

  • Stay updated on relevant laws, regulations, and industry standards that impact IS's operations.
  • Ensure that IS complies with all applicable regulations, ranging from data privacy and cybersecurity to industry-specific requirements.
  • Implement and monitor compliance programs, policies, and procedures.


Policy Development

  • Contribute to the creation and maintenance of IT policies and procedures that guide IS's behavior and practices.
  • Collaborate with legal and compliance teams to ensure policies align with regulatory requirements.


Monitoring and Auditing

  • Regularly monitor IS's activities and processes to detect deviations from established policies and regulations.
  • Conduct internal audits to assess the effectiveness of controls and identify areas for improvement.
  • Prepare audit reports and provide recommendations to enhance compliance and risk management efforts.
  • Collaborate with internal and external audit teams, providing documentation and evidence as needed to demonstrate compliance and adherence to governance standards.


Training and Education

  • Develop and deliver training programs to educate employees about compliance standards, risk management practices, and ethical behavior.
  • Foster a culture of compliance by promoting awareness and understanding of IT GRC principles across IS.


Reporting and Continuous Improvement

  • Prepare and distribute regular reports to management and stakeholders summarizing risk assessments, compliance status, and recommendations for improvement.
  • Identify opportunities for enhancing governance processes and recommend improvements to reduce risk exposure and enhance operational efficiency.


  • Degree in IT or related fields
  • 5 to 7 years’ experience in IT governance, risk management or compliance in a regulated industry is essential.
  • Relevant certifications (e.g., CISA, CRISC, GRCP, GRCA) are an added advantage.
  • Experience in the telecommunication/technology industry and the associated regulations is a plus.
  • Strong knowledge of regulatory frameworks, industry standards, and best practices related to IT GRC (e.g., PDPA, Cybersecurity Act, NIST, PCI DSS, ISO 27001, COBIT, ISAE 3000/SOC 2).
  • An understanding of cloud computing, information security, cybersecurity practices, and data protection principles is highly valuable.
  • Exceptional analytical skills and the ability to assess complex risks and provide practical solutions.
  • Prior experience with the Archer GRC solution.
  • Excellent communication and interpersonal skills to work effectively with cross-functional teams and external stakeholders.
  • Detail-oriented with a commitment to maintaining the highest standards of integrity and ethics.
  • Strong organizational skills and the ability to prioritize and manage multiple tasks efficiently.
  • Adaptability and the capability to stay current with evolving regulations and industry trends.
  • Need to be results-oriented, meticulous, and resourceful.
  • Excellent team player, self-driven and able to work under pressure.
