Job Description Summary
- Support the Region and Country management in the management, implementation, maintenance, monitoring & reporting of the Global Data Centers Singapore organisation's Governance, Risk and Compliance (GRC), Information Security Management Systems (ISMS), Internal audits, Certifications and external audits, and Data Privacy & Protection (DPP) requirements, activities and projects.
- Responsible for Global Data Centers Singapore's certification audits
- Support Global, Regional & local cross-scope GRC, ISMS, DPP, Certifications & Audit activities and projects.
- To foster and champion a strong governance compliance culture and awareness through internal promotion and training activities.
Specific responsibilities (coverage is for APAC Data center and Singapore Data Center organisations)
Certifications & External Audits
- Obtain, manage and maintain all relevant Data Center certifications & external non-customer audits (for example: ISO27001, PCIDSS, OSPAR, SOC1, SOC2, etc.) for the Global Data Centers Singapore entity.
- Support Singapore Data Center certification audits as audit focal point between auditees and auditors, and provide advisory on certification audit standards requirements, audit findings and mitigating actions.
Internal Audits
- Plan & conduct internal audits on Global Data Centers Singapore scope to evaluate the Singapore Data Centers organisation's internal controls, and recommend and review audit corrective actions to closure.
- Maintain the local internal audit framework, policies, SOPs, templates, and internal audit programs for Global Data Centers Singapore.
Governance Risk Compliance
- Implement and maintain the Singapore Global Data Centers GRC framework, standards, policies and procedures, and ensure alignment with Group requirements.
- Support Management in Enterprise Risk assessment & management, Incident management, reviews, key metrics reporting, audits and investigations for the Singapore Global Data Centers organisation.
Information Security Management (ISMS)
- Responsible for the management, implementation and maintenance of Global Data Centers Singapore's Info Security Management Systems, local info security policies, standards and procedures, and for ensuring alignment with NTT Ltd Group requirements and applicable standards such as ISO27001 and OSPAR.
- Responsible for Info Security Risk management including info security risk assessments and monitoring, security incident management, key metrics performance monitoring and consolidation, and management reporting for Global Data Centers Singapore.
- Responsible for identifying, monitoring and advising the Global Data Centers Singapore organisation of info security alerts, threats and vulnerabilities, and ensuring mitigating activity such as vulnerability management and patching is performed in a timely manner.
- Perform info security investigations, inspections and compliance reviews, and support security related internal and external certification audits.
Data Privacy & Protection (DPP)
- Responsible for Global Data Centers Singapore's DPP framework; regulatory, standards & policy compliance; DPP program adoption, implementation and maintenance; and DPP risk management.
- Act as point of contact for all data privacy and protection matters, queries, issues, audits and advisory related to Global Data Centers Singapore organisation.
- Responsible for overseeing, managing, and acting as point of contact for data breaches/data privacy incidents relating to Global Data Centers Singapore.
Relevant Skills and Experience
Essential:
- Excellent degree in a related field
- 2 years' work experience, preferably in or related to Governance, Risk management, Compliance, Internal audit and/or Information security management and/or related functions (such as GRC, Enterprise risk management, Internal audit, IT audit, Information Security governance and IT risk management), and competency in standards certifications such as ISO27001/PCIDSS/OSPAR/SOC2.
- Strong understanding of and familiarity with governance, risk management principles, internal controls and management systems, audit techniques and standards.
- Excellent written, communication and presentation skills, including ability to interpret management system standards, explain concepts such as compliance requirements, risks and audit issues to all levels of the organisation including ground operations and management level.
- Excellent analytical and critical thinking skills, including ability to assimilate new information, perform root cause analysis, make sound decisions and solve problems.
- Good team working and interpersonal skills, able to interface across all levels and functions, and deal with multiple stakeholders.
- Ability to manage multiple stakeholders across different teams and working cultures.
- Proven experience working cooperatively in a team environment with the ability to build collaborative relationships.
- Independent self-starter with strong facilitation and good project management skills, including the ability to manage multiple tasks, attention to detail and effective organisational capability.
- Willingness to be hands-on, self-motivated and disciplined in a challenging environment.
- Strong personal ethics and integrity values.
Preferable:
- Understanding of various governance, compliance, risk and auditing concepts with experience in enterprise level frameworks and processes, General IT controls, IT processes (such as information security, application development, IT governance), IT infrastructure (operating systems, databases and networks).
- Certification in any of the below areas or equivalent is a plus:
  - CIA
  - ISO27001 lead auditor
  - CISA, CISSP, CISM