IT Security, Risk and Control, Senior Advisor
Description:
Prudential’s purpose is to be partners for every life and protectors for every future. Our purpose encourages everything we do by creating a culture in which diversity is celebrated and inclusion assured, for our people, customers, and partners. We provide a platform for our people to do their best work and make an impact to the business, and we support our people’s career ambitions. We pledge to make Prudential a place where you can Connect, Grow, and Succeed.
This role is expected to ensure IT controls effectiveness and efficiency based on risk management framework and protect the enterprise information, customer data privacy in compliance with internal/external regulation.IT Security, Risk and Controls – Senior Advisor
Job Responsibilities
The IT Security, Risk and Controls Senior Advisor will be mainly responsible for IT controls effectiveness/efficiency assurance in operation/project delivery.
He/she will support the IT Security, Risk and Control – Senior manager in:
1. Work with other IT/business team to ensure all IT control requirements conversed to design of systems and infrastructure operation.
2. Recommend and coordinate to ensure the effective implementation of technical controls to support and enforce defined IT policies/processes/standards and regulations.
3. Perform regular assessment on IT risk and effectiveness of internal controls and external compliance based on risk/quality management framework.
4. Strengthen end-user awareness on security risk via training, workshop.
5. Involve in implementing BCP, DRP for the enterprise.
The IT Security, Risk and Controls Advisor will handle key stakeholders including:
External: Regulators and Audit
Internal: All business users, all IT other departments
Job Requirements
University degree in Information Security or Computer Science with significant demonstrable experience in Information Security.
A minimum of 7 years relevant experience in IT Risk/Audit/Information Security with 2 years-experience in Cloud Infrastructure/Security implantation is preferred.
Technical capability: certified by
a. CRISC/CISA as mandatory
b. COBIT/ISO as secondary
c. Broad knowledge of security domains, trends, and technologies (such as threat and vulnerability management, network security, endpoint security, web application security, data loss prevention, encryption, security hardening).
Technical understanding of various technology stack and platform (e.g., Azure DevOps, Terraform, Git, Jenkins, Dockers, Kubernetes, Node.js, Java, …) is preferred.
Soft skill:
a. Good at Insurance/Business acumen
b. Good at Story telling/Data Analytic
c. Proficiency at IT Process development, security frameworks, compliance requirements and security operations, industry standards such as ITIL, COBIT, PCI DSS, NIST SP-800 Series, CIS 20, CSA CCM.
d. Strong interpersonal and communication skills, project management experience, problem-solving.
Prudential is an equal opportunity employer. We provide equality of opportunity of benefits for all who apply and who perform work for our organisation irrespective of sex, race, age, ethnic origin, educational, social and cultural background, marital status, pregnancy and maternity, religion or belief, disability or part-time / fixed-term work, or any other status protected by applicable law. We encourage the same standards from our recruitment and third-party suppliers taking into account the context of grade, job and location. We also allow for reasonable adjustments to support people with individual physical or mental health requirements.
24040313