Job Description

This role is an excellent opportunity in the Cybersecurity team to be part of IT GRC practitioners. This position will assist the IT GRC lead to support and provide management of IT governance practices within DKSH. Ideally, someone who has strong IT governance, compliance and audit knowledge and IT security skills as a core competency.

This position will have ownership to define, implement, document, and validate the implementation of IT governance framework and security controls, processes and regulatory compliance and driving maturity of the overall IT GRC practices within DKSH.

• Support the execution of strategical direction for the function, from planning, implementing, and budgeting to motivational and promotional activities expounding the value of IT GRC
• Member of cybersecurity professionals on operational activities to build, run and operationalize IT GRC practices with stakeholders
• Report and escalate to leadership management team on controls effectiveness and operational efficiencies
• Implement and promote IT GRC framework, policies, standards, IT risk management and GRC tools across DKSH
• Promote and support “center of excellence” for cybersecurity management, continuous improvement and optimization of security solutions and processes
• Support the commissions or the preparation, implementation and validating of cybersecurity policies, standards, procedures and guidelines
• Lead and support the continuous ISO27001 compliance and certification
• Lead and support the design and operation of related compliance monitoring and improvement activities to ensure compliance with ISO27001 practices, internal security policies and applicable laws and regulations
• Support security awareness, training and educational activities by providing suitable guidance to the team and stakeholders
• Lead or commissions information security risk assessments, including vendor risk assessments, contract reviews, and controls selection activities
• Support the information security incident investigation and management process and post incident review from IT GRC standpoint

• Keep abreast of latest security and privacy legislation, regulations, adversaries, alerts, and vulnerabilities
• Support IT GRC on global data privacy practices

Job Requirement:

• Bachelor's degree in Computing/Information Technology or equivalent;
• At least 8 years’ experience in similar role with at least 3 years in management position
• Excellent knowledge on IT governance framework, practices, policy management, risk management and IT GRC tools
• Knowledge on IT environment and solutions such as Windows/Linux OSes, AD, cloud technology, DNS, DHCP, IPS, AV, Firewalls, Routers, Switches, VM, etc will be advantageous
• Sense of ownership and pro-activeness to identify, improve and optimize processes and mitigating gaps
• Excellent written and verbal communication skills; interpersonal and collaborative skills; and the ability to communicate security and risk-related concepts to technical and non-technical stakeholders;
• Strong ability to work independently and collaborate with diverse teams with multiple stakeholders;

Location: Menara KEN, TTDI