PURPOSE

• Lead the overall technical assurance definition and execution of the Technology Assurance framework and programs that guide, monitor, evaluate and report on the efficiency of the internal controls related to technology.

• Be the subject matter and provide expertise level guidance on compliance requirements related to technology for control/process documentation, testing and issue management.

• Lead and drive the collaboration with Group InfoSec Governance to effectively assess the critical and key gaps against standards, as well as international and local regulatory requirements related to technology.

• Lead and manage the Technology assessment at an expert level and evaluate and advise the overall design and effectiveness of all key technology controls throughout the business cycle.

KEY ACCOUNTABILITIES

• Contribute and support the Head of Technology Assurance & Information Security Governance in defining, developing and maintaining technology assurance framework in all THE COMPANY markets in accordance with the Group Technology Roadmap.

KEY PERFORMANCE INDICATORS

• Guide THE COMPANY markets in adoption of the technology assurance framework.

• Working on a group level work with all stakeholder to gather and organise and deliver key business requirements.

• Ensure the accuracy and consistency of the technology assurance program.

• Meet the objectives of the program within the defined timelines.

• Improve the visibility of technology controls, risks and vulnerabilities.

• Ensure Technology controls are compliant against required standards/ benchmarks and best practices.

• Ensure timely implementation of recommendations for remediating the weaknesses/deficiencies.

• Keep pace with changes in technologies in support of IT/Security compliance programs.

• Doing things right, creating synergies for the overall THE COMPANY goals and objectives, along with a people first approach.

QUALIFICATIONS / EXPERIENCE

• Minimum 6-8 years of experience in IT Audit and Risk Assessment.

• Degree from Information Technology or

equivalent discipline

• One of industry recognized certification such as CGEIT, CISSP, CISM, CISA, ISO 27001, CRISC, PCI DSS etc.

KNOWLEDGE & TECHNICAL SKILLS

• Excellent stakeholder management and communication skills.

• Project delivering experience

• Solid understanding of current and emerging technologies.

• Understanding of IT SOX and other IT/IS frameworks and best practices such as COSO, COBIT, ITIL, ISO 27001, SOC 2, 3, etc.

• Good knowledge of privacy regulations and data protection.

• Detailed oriented and able to work under pressure and accustomed to work under tight deadlines.

• Team-oriented, collaborative, diplomatic and flexible.

• Strong written and verbal communication skills, strong interpersonal skills and the ability to communicate effectively across business units.

POSITION DESCRIPTION

Work closely with senior management of business units and within Group Technology through tracking and reporting function, to ensure regular updates to management on the Technology Assurance programs.

Be accountable for the planning, management and execution of the day-to-day activities of Technology related audit engagements.

Ensure system and control owners are identified; and coordinate with owners to support technology assurance and assessment activities.

Collaborate with key technology, business, risk, audit and compliance teams to identify, evaluate and address critical technology related risks.

Proactively research industry trends and define, influence and implement appropriate and practical technology related KRIs, metrics and solutions to create and enhance process efficiency and address key risks.

Define, oversee and ensure all test scenarios for effectiveness of the internal controls and provide guidance to remediate the deficiencies/ weaknesses.

Ensure THE COMPANY readiness for IT Security

Internal/External audits.

Advise BUs on Technology risk assessment.

Internal Audit

External Auditors

Vendors and/or Service Providers

Group operational risk

Group legal and Compliance