Job Description
IT Consultant, IT Compliance & Risk Management
Posting Start Date:  11/09/2025
Schemes of Service:  Corporate
Division:  Communications & Information Technology
Employment Type:  Fixed Term

Reporting to the Principal IT Consultant, this role supports the Communications & Information Technology Division by ensuring robust IT Governance, Risk & Compliance (GRC). This includes developing, implementing and monitoring IT governance frameworks, policies and processes so that the organisation's IT practices align with regulatory requirements, industry standards and strategic business goals.


Key Responsibilities

  • Drive organisational awareness and engagement to support IT GRC objectives.
  • Manage and coordinate IT audits by working with internal stakeholders to gather the required information and review submissions before they go to auditors.
  • Ensure IT policies, procedures and controls are up to date, properly documented with relevant stakeholders, and aligned with current processes to reduce risk.
  • Develop, maintain, review and report on the IT Risk Register.
  • Perform internal control testing or sampling checks to ensure compliance with IT policies and procedures.
  • Schedule and participate in periodic risk self-assessments, and track remediation action plans to closure.
  • Support initiatives to assess the adequacy and effectiveness of IT controls and policies and oversee remediation activities to address compliance gaps.
  • Coordinate with relevant stakeholders on quarterly IT Disaster Recovery (ITDR) exercises and follow-up actions.
  • Consolidate IT incidents and conduct root cause analysis.
  • Identify gaps in IT processes and work with stakeholders to implement remediation measures (e.g. work-process gaps in Low Code/No Code platforms).
  • Assist in reviewing meeting minutes of quarterly division and IT committee meetings.


Job Requirements

  • Bachelor’s degree in Information Technology, Computer Science or a related field, with at least 8 years’ experience in IT governance, audits and risk management.
  • Proven experience with ISO 27001 compliance efforts; experience taking an organisation through certification is highly desirable.
  • Strong knowledge of, and experience with, standards and frameworks such as ISO 27001:2022, the Cybersecurity Trustmark and the Personal Data Protection Act (PDPA).
  • Strong analytical and problem-solving skills.
  • Ability to work independently as well as collaboratively across teams.
  • Strong written and verbal communication skills, with the ability to engage stakeholders at all levels.
  • Positive attitude, proactive mindset and an excellent team player.