* Lab Exercise Asked By Encik Hermizul. :-)
IT Security Compliance and Governance Consultant
Job Requirements:
Qualifications:
- Bachelor’s degree in Computer Science, Engineering, Business, or related field or equivalent work experience in IT Audit and Compliance in Information Security standards such as COBIT (SAS70/ISAE), SOX and ISO 27001. Experienced in handling data privacy, import, export and regulatory compliance.
- May have Master's degree in related field. Often holds intermediate-level certification(s) in work field such as CISA, CISM and CISSP. Typically 5+ years of relevant experience.
Job Responsibilities:
- Assist with the development and execution of rolling yearly work plans for Compliance.
- Plan, conduct and oversee audit/compliance/risk management activities.
- Develop/implement audit/compliance/risk management programs.
- Manage audit/compliance/risk relationships between Company and client.
- To act as a consultant to internal and external clients on matters of internal control and risk management.
- Manage and drive audit tracking and remediation tasks.
- Facilitate externally run reviews conducted by clients, external auditors, regulatory bodies and other organizations as required.
- Maintain currency on laws, regulatory requirements, methodologies and standards appropriate for the company and our clients.
- Develop/manage ongoing reporting.
- Coach and mentor team members.
- Establish and maintain effective relationships with people at all organizational levels, internally and externally.
- Identify and analyze new or existing tools, processes, and procedures.
- Prepare materials and execute presentations of solutions, proposals, process change etc. to appropriate audiences.
- Identify and evaluate the significant exposures or risks across functions, locations, accounts, processes, or other variables associated with the company and the client account.
- Represent company control interests to clients and external parties by vetting all audit/compliance/risk management responses to clients and external parties to ensure appropriateness of responses.
- Provide control/risk management expertise in global initiatives that affect the control/risk management environments.
- Understanding of technology in areas of compliance issues.
- Apply advanced subject matter knowledge to complex business issues, and regarded as a subject matter expert. Frequently contribute to the development of new ideas and methods.
- Work on complex problems/projects where analysis of situations or data requires an in-depth evaluation of multiple factors.
- Exercise significant independent judgment within broadly defined policies and practices to determine best method for accomplishing work and achieving objectives. Lead and / or provide expertise to functional project teams and may participate in cross-functional initiatives. May provide mentoring and guidance to lower level employees.
- Act as an expert providing direction and guidance to process improvements and establishing policies. Frequently represent the organization to external customers/clients.
- Apply deep and broad technical background and knowledge of industry trends to operate several critical or high risk technology areas/customer groups. Integrate technical knowledge and business understanding to create superior solutions for company and for customers. Mentor/consult with team members, other organizations, customers, and vendors on complex issues.
Knowledge and Skills:
- Strong written and communication skills across all levels.
- Ability to independently and manage audits.
- Demonstrated ability to work with and influence senior leadership.
- Demonstrated understanding of audit/compliance/risk management methodologies, standards and benchmarks.
- Proven ability to multi-task, manage and work on projects/tasks concurrently.
- Proven ability to analyze situations, draw conclusions and take or recommend appropriate actions.
- Strong negotiation skills.
- Demonstrated ability to meet commitments.
- Demonstrated ability to prioritize and make changes where necessary (cope with pressure).
- Knowledge in procedures and processes.
- Good planning and project management skills.
- Ability to work in a complex technical area.
- Being able to work in a dynamic, often pressured, environment whilst adhering to service development and quality management procedures.
- Emulate Service Excellence Standards.
- Enhance responsiveness to customer requirements.