Information Security Governance & Risk Specialist

April 30, 2024 | Information Security / Risk Managment & Compliance | 1 positions in Phnom Penh

Job responsibilities

Providing comprehensive oversight and cyber governance management to ensure tolerances within Smart’s risk appetite also assists in ensuring that the Cyber Security Program maintains suitable levels of compliance with applicable standards and regulations through adherence to Cyber Security policies. Analyze and identify non-compliant and ineffective security processes, policies, and controls.

• Lead on the maintaining of Smart’s internal/external compliance requirements by overseeing the collection of evidence.​
• Implements information security risk assessment framework, that align with regulatory requirements & international standard(s),
• Establish/improve information security policies and procedures and keep them updated.
• Conduct the information security monitoring and evaluation (based on annual plan) in order to ascertain the controls are followed and effective.
• Provide the training(s) & other communication, also conduct the testing (phishing simulation exercise ...etc.) to ensure the culture and understanding of the information security are implanted across the organization.
• Perform the information security risk management (both Internal and external stakeholder) following the existing Smart policy and procedure.
• Defines and documents business process responsibilities and ownership of the controls.​
• Documents and reports Compliance gaps, and Control failures to stakeholders.
• Facilitate the management and reporting of cyber security governance.

Job requirements

• Bachelor's degree in cyber security, computer science, telecommunication engineering, or similar fields, or equivalent work experience in IT audit, cyber security, or a related field.
• Cybersecurity risk and security management qualifications are preferred, ISO 27001, ITIL, CoBIT, PCI DSS, NIST, CISA, and CISM
• 3 years in IT/Telco/Technology cyber security governance, audit, risk, and compliance.
• Experience with physical security assessments
• Experience in developing policies and standard requirements based on best practices
• Experience in information system security and auditing roles
• Exhibit fluency in both Khmer and English languages, encompassing reading, writing, and speaking abilities
• Display a dynamic, initiative-driven, approachable, flexible, courageous, and humble personality.

Note: By submitting your CV to our career portal, you have read carefully and agreed to the terms & conditions of our Privacy Notice for Candidates here.