As an IT Risk Analyst, you will play a pivotal role in safeguarding our Company's digital assets and ensuring the integrity of our information systems. This position offers a unique opportunity to work at the intersection of technology and risk management, contributing to the overall security posture of our company. If you have a passion for identifying and mitigating potential IT risks, coupled with a strong analytical mindset, we invite you to apply and be part of a team that values innovation and proactive risk management.
RESPONSIBILITIES Implement and maintain the Technology Risk Management Framework TRMF and Cyber Resilience Framework CRF via the following:
• Review and formulate enhancements to the TRMF and CRF to maintain a framework that remains relevant in identifying and mitigating significant risks in the achievement of business objectives.
• Assess and regularly analyse IT risks, by evaluating the impact and likelihood of the identified IT risks and prioritise them via maintenance of IT risk registers.
• Plan and organise governance and risk awareness initiatives in facilitating risk identification and assessment refreshers to facilitate submission of identified risks for the development of an accurate risk profile of the organisation and ultimately, strengthen organisation governance.Perform analysis and risk assessment of proposed new products/ new IT vendors to ensure new initiatives/ vendor appointments commence in a manner that minimises risk to the organisation.Conduct review on business and system processes, identify parts of the business/ system that require or would benefit from formalised or improved business processes/ controls, and assist with development and implementation of such process/ control enhancements. For the purpose of the review, must be able to design review and testing procedures to achieve the review and control objectives.Conduct assessment on the Company's compliance with relevant regulatory requirements and policies.Collaborate with cross-functional teams to ensure compliance with industry regulations and internal policies.Collaborate with cross-functional teams to provide timely and effective cyber incident responses.Conduct risk evaluations of third-party IT outsourcing service providers (OSPs) and ensure appropriate due diligence is performed to identify, mitigate, and maintain ongoing awareness of risks to the Company resulting from IT OSPs. REQUIREMENTS: At least 3 years of relevant working experience in the field of IT audit and/or IT risk advisory. It will be and added advantage if you have obtained professional certifications or passed the examinations for CISA, CRISC or CIA.Bachelor's Degree (or equivalent) and above; or Professional certification (Example: CISA, CRISC or CIA)We welcome candidates from the following fields:-
a) Information Systems;
b) Information Technology IT; or
c) Computer Science.Based in KL but must be willing and able to travel the company entities in Malaysia (East & West).Good working knowledge of the COSO and IT Assurance Framework issued by ISACA.Experience in performing IT audits and risk assessment assignments.Strong understanding of complex business and IT processes, and their related risks.Able to evaluate IT internal controls and identify opportunities for controls improvement.Strong analytical and problem-solving skills.Able to multi-task and possess effective time management skills.Able to produce high quality work deliverables on timely basis.Excellent written English and interpersonal skills, a team player and communicator, and a self starter.