[What the role is]
As an Assistant Manager in the Governance, Risk and Compliance (GRC) team in the Digital Technology Transformation division, you will track, manage and report on the risk management and governance of ICT and Smart Systems (ICTSS) at Sentosa Development Corporation (SDC).
Reporting to the GRC Manager, you will manage systems under GRC custody including the IT Service Management (ITSM) system for service/change requests and incident reporting, Project Management Governance, Compliance tracking, Digital Governance Platform and maintenance of GRC knowledge-bases and document repositories.
You will work closely with system managers to maintain the SDC system inventory and track system changes, periodic and adhoc cybersecuriy testing, IT risk assessments, audits and follow-up on findings and open items until closure.
[What you will be working on]
- Manage GRC systems (e.g. ITSM, DGP, etc.), knowledge base, guidelines and forms in SharePoint Online repository.
- Coordinate the tracking and reporting of ICTSS Delivery and Support Projects under Project Management Governance.
- Support the GRC Manager in maintaining ICTSS Policies and System Security Plans (SSPs).
- Work with the security testing vendor to plan, track and report on periodic VAPT/SCR security tests, liaise with system managers to close findings on a timely basis, while maintaining and monitoring the overall tracking on the in-house CSAS Dashboard system.
- Support IT Audit review sessions and RFI responses with relevant internal and external stakeholders when required.
- Manage the standardized processes on the ITSM platform and support the development and maintenance of workflow solutions Microsoft 365 Power BI, Power App & Power Automate, ServiceNow Workflow / Automation Engine and AI Bots (training provided where required).
[What we are looking for]
- Diploma/Degree in Information Technology or related field.
- Minimum 2 years of IT application system life-cycle management and/or system support & management.
- Familiarity with data and cybersecurity risks and controls in system implementation and support stages, including vulnerability assessment / penetration testing (VA/PT) and SCR (source code review) for cloud-hosed, web-based and mobile solutions.
- Understanding of IT risk management.and controls.
- Exposure to system audits and/or public sector system policies and governance is an advantage.
- Ability to handle occassional tight deadline, and manage project constraints in a dynamic environment including adhoc system risk profiling, risk assessment and reporting.
- Familiarity with government procurement processes.
- Good communication skill – written and spoken.
- Ability to work well within a team and across a broader group of system managers.
- Familiarity with ServiceNow ITSM processes, Workflow and Automation Engine and/or exposure to development/support of automated solutions on Microsoft 365 Power BI, Power App and Power Automate, and AI Bots is a plus