Infrastructure Security Manager

Job Responsibility:

Responsible for identifying, assessing, managing, and mitigating IT-related risks that could impact the organization. This role involves working with cross-functional teams to ensure compliance with regulatory requirements, industry standards, and internal policies, while enhancing the organization’s overall IT risk management framework.

IT Risk Management Framework

  • Develop, implement, and maintain the organization’s IT risk management framework and policies.
  • Identify and assess IT risks related to operations, data protection, and third-party vendors.
  • Establish and regularly update the IT risk register to ensure risks are documented and monitored.

Risk Assessment and Analysis

  • Conduct IT risk assessments, including impact and likelihood analysis.
  • Evaluate existing IT systems, processes, and projects for potential risks.
  • Develop key risk indicators (KRIs) to monitor and track IT risk trends.

Risk Mitigation and Controls

  • Design and recommend appropriate risk mitigation strategies and controls.
  • Collaborate with IT teams to ensure security controls are implemented and effective.

Compliance and Regulatory Requirements

  • Ensure IT practices comply with relevant regulations, such as MAS TRM.
  • Coordinate internal and external audits related to IT risk.

Vendor and Third-Party Risk Management

  • Assess risks associated with IT vendors and third-party services, including cloud providers.
  • Conduct periodic reviews of vendor security practices and contracts.
  • Collaborate with procurement teams to ensure vendors meet security and compliance standards.

Incident Management and Reporting

  • Support the IT and security team in managing cybersecurity incidents and breaches.
  • Conduct post-incident analysis to identify root causes and preventive measures.
  • Prepare and present regular risk reports to senior management and stakeholders.

Any other tasks assigned by the company.

Requirements:

  • Bachelor’s degree in Information Technology, Computer Science, Risk Management, or a related field.
  • Professional certifications such as CRISC, CISM, CISSP, or ISO 27001 Lead Auditor/Implementer are preferred.
  • Minimum 5–7 years of experience in IT risk management, cybersecurity, or a related field.
  • Knowledge of regulatory standards such as MAS TRM.
  • Strong knowledge of IT risk management frameworks and methodologies.
  • In-depth understanding of cybersecurity principles, IT controls, and regulatory requirements.
  • Proficiency in assessing and managing third-party/vendor risks.
  • Analytical thinking and the ability to assess complex IT environments.
  • Strong communication and presentation skills to interact with stakeholders at all levels.
  • Experience with IT risk management tools and technologies.