Cyber Security Assurance Manager (2 year contract)
The Cyber Security Assurance Manager role is within the Regional Delivery Centre (RDC) based in Singapore, which focuses on delivering key global services to member firms across the Asia Pacific region (ASPAC region) in the most cost-efficient and effective way. The primary function of this role is supporting a security compliance program focused on operation environments and applications across multiple technologies. The role will support the existing IT controls and processes while looking for innovative ways to take the compliance of platform operation and application operation to the next level.
• Professional experience in global technology privacy and data protection, such as SOC, GDPR, and ISO 27001.
• Communicating compliance asks and the corresponding risk of non-compliance to engineers, product managers, and other internal customers.
• Administer operational activities related to regulatory requirements.
• Familiarity with privacy compliance frameworks and technical knowledge to manage detailed requests/queries.
• Lead efforts to enhance IT controls across the Regional Application portfolio.
• Provide subject matter expertise in IT Operations matters to functional and business groups as required.
• Develop and maintain operating procedure documentation including Privileged Access and defining data handling requirements, controls and process diagrams for applications.
• Support ASPAC RDC in preparing for internal audit as well as 3rd party assessments such as internal and external audits (SOC2, ISO certification etc.).
• Support and perform information security compliance tasks including compliance report generation and monitoring compliance of security policies, standards and procedures.
• Bachelor's degree from an accredited College or University.
• Minimum 8 years of experience in IT Operations with at least 3 years of experience in application/systems audit, regulatory and risk reviews.
• Excellent verbal and written communication and stakeholder management skills.
• Proven ability to manage multiple projects concurrently from end to end.
• Audit/Consulting/Client services experience a plus, especially regarding Privacy, Security or Control frameworks.
• Capable of strategic thinking and executing strategic plans.
• Experience in implementing an Information Risk and security program in line with business needs while balancing risk mitigation, cost effectiveness and usability.
• Experience in implementation based on existing global information risk and security management approaches.
• Good understanding of ITIL and ISO 27001 control objectives.
• Broad understanding of IT Service Delivery processes, risk assessment and risk mitigation.
• Professional security certification such as CISA, CISM, CRISC or CISSP (added advantage).
Only shortlisted candidates will be contacted by the KPMG Talent Acquisition team.