Specialist, IT Risk Control - Singapore - CA SEARCH PTE. LTD.

    CA SEARCH PTE. LTD.
    CA SEARCH PTE. LTD. Singapore

    1 week ago

    Default job background
    Description
    Roles & Responsibilities

    THE ROLE

    CLIENT: Energy trading firm
    COVERAGE: Regional

    SUMMARY
    Oversee the control activities across the region and to ensure that our control framework is governing our business operation in a safe and compliant manner.
    Identify weaknesses within the organization's IT processes and infrastructures and ensure that proper measures are implemented to minimize such risk. Ensure that an optimised set of business process maps are in place and our internal procedures are promptly updated to reflect the agreed framework.
    Work closely with both commercial and functional teams, to provide solutions/ recommendations to improve the controls and drive efficiency through continuous improvement. Proactively look out for any breach of procedure by our staff and potential control gap that could create a material risk to our organisation.
    Responsible for collating global Internal Control reporting information that is required by both internal management and external stakeholders.

    THE ROLE
    Ensure an appropriate and tailored IT risk framework is in place and aligned with the overall IC framework;
    Proactively identify IT control gaps and work closely with IT team on the risk mitigations plan and documentation
    Conduct reviews on the privilege ID usage, ETRM and Finance systems' user access rights to ensure adherence to access controls standards
    Provide support on IT risk and control type of initiatives, including new system implementation and significant system change projects to ensure that proper controls are considered and included at the design-phase
    Ensure an optimised set of business process maps is in place and aligned with the system controls;
    Lead and conduct IT related control gaps/incidents reviews, including root cause analysis, identification of mitigating controls, follow-up on the remediation actions
    Proactively identify control and process improvement initiatives and drive continuous improvement in the organization
    Provide internal control guidance and support to commercial and functional teams in managing the operational risks, and ensuring the quality and consistency of the internal procedures from an IC perspective
    Coordinate the Operational Sign Off process for all new business activity/product and tracking action items signed off by relevant functions
    Perform daily controls monitoring and review
    Compile and prepare key risk indicator report on a monthly and ad-hoc basis
    Ensuring consistency of IC approach across the whole company

    Coordinate and ensure key company policies and procedures are updated annually and are aligned to our Parents' Internal Control requirements;
    Provide assistance to both internal and external audits, including J-Sox reporting, and ensure timely completion of all open actions.

    REQUIREMENTS

    Degree in Computer Science, Information Systems/Security, Business Management or its equivalent, with professional certification in security and controls
    Minimum of 5 years relevant industry experience in risk and control management within IT or IT audit
    Broad exposure to a range of diverse technology, security concepts, tools, and methodologies
    Experienced in reviewing technology domains across infrastructure, applications, cyber security, cloud technology, IT governance processes
    Experience in IT incident investigation and reporting
    Experience in an energy/commodity trading environment, or related regulatory environment an advantage
    Experience in Sarbanes-Oxley/J-Sox reporting preferred
    Knowledge of Application Security frameworks and standards
    Competent in the full suite of MS Office packages – specifically Word, Excel, Visio PowerPoint applications.
    Competency in use of data analytics and visualization tools (e.g. Power BI, Python, SQL, ACL, Alteryx, Tableau) is a considerable advantage.
    Knowledge of Allegro, SUN, CubeLogic, ZEMA and IMOS would be an advantage

    Tell employers what skills you have

    System Implementation
    Remediation
    Application Security
    Allegro
    IT Governance
    IT infrastructure
    Energy
    Visio
    Root Cause Analysis
    Business Process Mapping
    Alteryx
    Information Technology
    Incident Investigation
    SQL
    IT Audit
    Audits
    Business Process
    IC
    Data Analytics
    Power BI