The IT Governance & Risk Analyst will need to work with every team in IT Department and communication with relevant department if it’s required. The IT Governance & Risk Analyst is responsible in maintain the IT Risk Framework and its associated controls and reporting, also to evaluate overall information technology risk. All compliance closure activities are coordinated through this role, including Internal IT Audit, External IT Security Audit and any relevant tasks which are assigned by the Governance and Risk Supervisor.
The IT Governance & Risk Analyst reports to the Governance and Risk Supervisor and his job responsibility is as follow:
- Risk Identification, Assessment and Evaluation in IT Environment of Group Lease Public Company Limited:
- Collect information and review documentation to ensure that risk scenario is identified and evaluated.
- Identify legal, regulation and organizational policies and standards related to Information Technology to determine their potential impact on the business objectives.
- Identify potential threats and vulnerabilities for business process, associated data and supporting capabilities to assist in the evaluation of enterprise risk.
- Develop, maintain and draft relevant Policy and Procedure for applying to the whole group of companies such as Thailand (GL), Cambodia (GLF), Myanmar (GL-AMMK), Laos (GLL) and Indonesia (GLFI). Ensure the following policy and procedure are in place:
- Employee Information Technology Policy.
- IT Infrastructure Security Policy.
- Policy and Procedure of BCP and DRP.
- Procedure of Project Management, Incident Management, Change Management.
- Other IT Compliance…
- Ensure that all IT policies and procedures are compliant with regulatory requirements.
- Maintain a schedule of policy review and submission to Top Management for approval.
- Disaster Recovery Coordination:
- Maintain the IT Disaster Recovery Plan as mid-year reviews
- Manage regular testing of the plan and update for major change in Hardware, applications, business and regulatory requirement accordingly.
- Coordinate testing and reporting of data backup, data restoration in accordance with perspective of IT availability.
- Audits and Reviews Preparation and Facilitation:
- Serve as liaison to Internal Auditor, External Auditor, Group Internal Control and other compliance committee regarding to documentation and review of Information Compliance.
- Communicate audit and review results to appropriate parties.
- Work closely with relevant IT Managers to take action regarding implementation, correction of issues finding.
- Projects and Initiatives related to IT: participate in IT project and initiatives to bring pro-active risk management focus into solutions.
- Information System Control Monitoring and Maintenance:
- Keep tracking IT Inventory, IT Asset and None IT Asset.
- Ensure IT Purchase and asset transfer are following procedure in placed.
- Monitoring user management/accounts for all systems which are using by company.
- Software and Application License Compliance.
- Bachelor’s degree in field of Computer Science or Management of IT.
- 3 to 4 years auditing experience as compliance leader or Information Risk Specialist.
- Strong knowledge of Computer Management, Server Management, and IT Security Management.
- Experience in financial/banking are also preferable.
- Good at English Writing and Speaking.
- Excellence in writing documentation and reporting.
- Strong communication Skill, and leadership skills and the ability to partner effectively with various team with IT and the business.