Responsibilities
Position Description
Reporting to the Internal Control Senior Manager, this role will assist in overseeing control activities across European, US and Asian offices and to ensure that our control framework is governing our business operation in a safe and compliant manner.
The primary responsibility of this role is to identify weaknesses within the organization&aposs IT processes and infrastructures and ensure that proper measures are implemented to minimize such risk. The role will also ensure that an optimised set of business process maps are in place and our internal procedures are promptly updated to reflect the agreed framework.
This role will work closely with both commercial and functional teams, to provide solutions/ recommendations to improve the controls and drive efficiency through continuous improvement. He/She will proactively look out for any breach of procedure by our staff and potential control gap that could create a material risk to our organisation.
This role is also responsible for collating global Internal Control reporting information that is required by both internal management and external stakeholders.
Main Responsibilities
The responsibilities of this role include, but not limited to:
- Support the development and implementation of the IT Risk Management Framework, policies, and processes.
- Coordinate and ensure key JERAGM IT policies and procedures are documented and updated annually.
- Conduct investigations of IT incidents, delivering detailed reports that summarize root causes, impact assessments, and recommended corrective actions.
- Identify, assess, and monitor IT operational risks, including those related to change deployments, incident management, and system stability.
- Conduct risk assessments on IT projects, system changes, and deployment pipelines to identify potential vulnerabilities and control gaps.
- Track and manage risks and ensure follow-up actions are completed. Ensure controls are put in place to mitigate and manage the identified risks.
- Work closely with cross-functional teams including IT Operations, Cybersecurity, and development team to evaluate risks in system rollouts and technology changes.
- Perform daily controls monitoring and review
- Conduct regular reviews on the privilege ID usage, key applications&apos user access
- Design, build and maintain Power BI dashboards and reports for risk identification, analysis and reporting.
- Customize JIRA workflow and automation to adhere to Internal Control&aposs framework and processes.
- Support the Internal Control monthly report publication and ad-hoc reporting.
- Participate and support internal and external audits, including J-Sox reporting, from evidence collection to tracking actions closure.
- Drive a culture of risk awareness and continuous improvement within the organization.
Qualifications
Experience required
- At least 8 years of relevant industry experience in IT Risk Management, IT Governance, Information Security or IT Infrastructure.
- Broad exposure to a range of diverse technology, security concepts, tools, and methodologies
- Experienced in reviewing technology domains across infrastructure, applications, cyber security, cloud technology, IT governance processes
- Experience in IT incident investigation and reporting
- Experience in an energy/commodities trading environment, or related regulatory environment will be an advantage
Technical Requirements
- At least a degree in Computer Science, Information Systems/Security, Business Management or its equivalent, with professional certification in security and controls
- Familiarity with frameworks such as ITIL, COBIT, or ISO 27001 is an advantage.
- Professional certifications such as CRISC, CISA, CISSP, ITIL Foundation, or similar is an advantage.
- Competent in the full suite of MS Office packages - specifically Word, Excel, Visio PowerPoint applications.
- Competent in the use of data analytics and visualization tools (e.g. Power BI, Python, SQL, ACL, Alteryx, Tableau) is a considerable advantage.
- Knowledge of JIRA, Allegro, SUN, CubeLogic, ZEMA and IMOS is an advantage
Person specification
- Strong control mindset and excellent analytical skills
- Demonstrate strong ability to pick up knowledge and conduct reviews on new emerging technology domains.
- Good communication (both written and verbal) and influencing skills, with ability to engage and network with stakeholders at different levels
- Self-starter, who can work with minimal supervision and a positive attitude
- Ability to effectively prioritize multiple projects and meet deadlines to produce high quality work in a very fast paced environment
- Willing to learn and take new challenges with an open mind
- Strong team-player who is flexible and proactive
