The IT Governance, Risk & Compliance (GRC) Lead manages Bank MAS Digital Banking’s IT GRC team to perform security and risk assessments, user awareness and education, audit support, and regional regulatory compliance (i.e. Kominfo’s PSE, POJK).
The team will work with Information Technology, Information Security, Internal and External Audit resources, and the business, to support process documentation and review, reporting and analytics, and developing and maintaining the appropriate records related to policy, procedures, control self-assessments, risk, etc. The incumbent will coordinate with corporate accounting to identify, develop, and maintain a suite of appropriate IT Controls that support the organization's overall Internal Control over Financial Reporting (ICFR). S/he will initiate and lead IT Risk Assessment projects including the identification and documentation of an IT Risk Register, Risk Assessments, Mitigating Controls, Residual Risk, and other related data.
· Ensure business-wide alignment and compliance with the applicable legislative and regulatory interpretation and corporate risk appetite
· Lead, develop, manage and maintain the information security governance deliverables lifecycle including compliance measurement, deviations and exemptions
· Develop, manage and implement the information security audit and assurance plans and schedules, including any specific business needs and requirements
· Develop, maintain and drive the information asset inventory
· Perform vendor security reviews and evaluate security posture
· Maintain and disseminate internal infosec policies and procedures
· Build and execute training and awareness initiatives for company-wide compliance
· Strong technical, analytical, and interpersonal skills
· Experience with internal and external auditors
· Detailed approach to vulnerability management processes and risk assessments
· Experience in building policies and optimizing workflow for InfoSec, IT Risk, and Compliance
· Deep understanding of, and experience with implementing, Kominfo’s PSE and POJK requirements
· Experience leading implementation of ISO 27001 information security standard
· Experience with PCI DSS compliance and implementation
· The ability to work well with people from many different disciplines with varying degrees of technical experience
· The ability to adapt to a dynamic, rapidly changing business and technical environment