Information Security Governance & Risk Specialist

February 28, 2023 | Accounting/Finance/Risk Management | 1 positions in Phnom Penh

Job responsibilities

Providing comprehensive oversight and cyber governance management to ensure tolerances within Smart’s risk appetite, also assist in ensuring that the Cyber Security Program maintains suitable levels of compliance to applicable standard and regulations through adherence to Cyber Security policies. Analyze and identify non-compliant and ineffective security processes policy and controls.

• Lead the maintenance of Smart’s internal/external compliance requirements by overseeing the collection of evidence.
• Implements security risk assessment framework, that align with regulatory requirements, ensuring documented and sustainable compliance that aligns with business objectives.
• Evaluate and manage risks. Improve security positioning through process improvement and policies.
• Continuously monitors information security controls, exceptions, and risks.
• Develops reporting metrics, dashboards, and evidence artifacts.
• Defines and documents business process responsibilities and ownership of the controls.
• Documents and reports Compliance gaps, and Control failures to stakeholders.
• Facilitate the management and reporting of cyber security governance

Job requirements

• Bachelor's degree or BS degree in cyber security, computer science, telecommunication engineering, or similar fields, or equivalent work experience in IT audit, cyber security, or a related field, is required.
• Cyber security risk and security management qualifications are preferred, ISO 27001, ITIL, PCI DSS, NIST, CISA, CISM
• At least 3 years of experience in IT/Telecom/Technology cyber security governance, audit, risk, and compliance is required.
• Experience in physical security assessments, developing policy and standard requirements based on best practices.
• Experience in information system security and auditing roles
• Have knowledge and ability to understand the telecommunications industry, the end-to-end architecture, the value chain, systems, and interconnectivity/inter-operation, including the process flow from the customer to the service in support of service delivery and the services from the customer demands to the delivery, in the context of your domain of expertise.
• Have knowledge and ability to define, update, and implement the company information system management and audit policy.
• Have knowledge and ability to understand business processes and improve internal service level agreements (SLAs) and methods to make the unit more efficient.

Note: By submitting your CV to our career portal, you have read carefully and agreed to the terms & conditions of our Privacy Notice for Candidates here.