Job Details
Nationality Requirement: Malaysia
Anytime
Recruit 1-3
Job Description
Responsibilities
Ensure alignment of IT operations with business strategy and regulatory requirements.
Facilitate the development and enforcement of IT policies and governance frameworks.
Support IT compliance efforts with relevant laws, standards (e.g., ISO 9001, 14001, 27001, RMIT, PCI-DSS, COBIT), and internal and external controls.
Monitor and report on IT governance metrics and risk indicators.
Promote awareness of IT governance, risk, and compliance across departments.
Work closely with internal and external auditors, including AFS auditors, to support audit activities. Provide necessary documentation, clarify audit queries, and ensure timely follow-up on audit findings.
Ensure budget and cost controls are within approved limits.
Ensure IT security documentation, procedures and guidelines are maintained and up to date.
Promptly report any breach of law, regulation, the company’s code of conduct or other company policies and guidelines to the immediate superior.
Ensure IT Security & Governance operation meets Audit compliance.
Requirements
Advanced Diploma or Bachelor’s Degree in Computer Science / Information Technology or equivalent.
Minimum 8 to 10 years of working experience in the related field or IT Banking Industry.
Managerial role: Interpersonal, consultative and facilitation skills are required.
Knowledge of business process methodology and problem solving; detail-oriented and capable of delivering a high level of accuracy.
Professional certification (CISSP, CISM, CISA, CSXP, CREST, GPEN, CEH, CompTIA Security+, CompTIA CASP+, GCIH, GSEC, OSCP) will be an added advantage.
Skills
Information Security Standards & Frameworks
Deep understanding of ISO 27001, NIST, COBIT, ITIL, CIS Controls, and GDPR/other data protection regulations.
IT Governance & Compliance
Comprehensive knowledge of IT governance principles and regulatory requirements (e.g., SOX, HIPAA, PCI-DSS).
IT Risk Management (IT-RM)
Understanding of how to integrate information security risk into the broader IT-RM framework.
Security Architecture & Controls
Familiarity with enterprise security controls, architecture best practices, and secure systems development life cycle (SSDLC).
Audit and Regulatory Requirements
Knowledge of internal/external audit processes and how to prepare and respond to audit findings.
Business Continuity & Incident Management
Knowledge of disaster recovery, incident response planning, and business continuity frameworks.
Policy Development
Skilled in drafting, implementing, and managing information security policies, standards, and procedures.
Analytical Thinking
Ability to assess complex security issues, analyze trends, and make data-driven decisions.
Audit & Compliance Reporting
Experience in preparing and presenting security metrics and reports for senior stakeholders.