PURPOSE

* Manage the end-to-end implementation of the Technology Assurance program that guides, monitors, evaluates and reports on the efficiency of the internal controls related to technology.

* Provide in-depth technical guidance on compliance requirements related to technology for control/process documentation, testing and issue management.

* Work closely with Group InfoSec Governance and Technology Assurance to effectively assess and resolve the gaps against standards, as well as international and local regulatory requirements related to technology controls.

* Drive, manage and/or perform the end-to-end Technology assessment to evaluate the design and effectiveness of technology controls throughout the business cycle.

KEY ACCOUNTABILITIES

* Manage and guide the team to perform end-to-end implementation of the technology assurance framework for all markets.

* Coordinate and review the evidence and collection for Technology related audits.

* Identify system and control owners and drive and coordinate with owners to support technology assurance and assessment activities.

* Collaborate with key technology, business, risk, audit and compliance teams to evaluate critical technology related risks.

* Propose, implement, and guide BUs for risk resolution prioritisation.

* Review the data collected and calculates for the defined Technology related KRIs and Metrics and prepare regular reports.

* Be the driver of improvement opportunities to increase efficiency and effectiveness of technology assurance program.

* Perform and be accountable for follow-ups through closure on the outstanding deficiencies and coach and advise control

owners in the design and implementation of processes and control improvement.

* Lead, develop, mentor and provide guidance to more junior members of the Tech Assurance Team.

QUALIFICATIONS / EXPERIENCE

* Minimum 7 to 10 years of experience in IT Audit and Risk Assessment.

* Degree from Information Technology or equivalent discipline.

* One of industry recognised certification such as CGEIT, CISSP, CISM, CISA, ISO 27001, CRISC, etc.

* Solid understanding of current and emerging technologies.

* Understanding of IT SOX and other IT/IS frameworks and best practices such as COSO, COBIT, ITIL, ISO 27001, SOC 1, 2, 3, etc.

* Good knowledge of privacy regulations and data protection.