Senior Specialist - IT Governance, Risk Management, Controls
Malaysia
Life at Grab
At Grab, every Grabber is guided by The Grab Way, which spells out our mission, how we believe we can achieve it, and our operating principles - the 4Hs: Heart, Hunger, Honour and Humility. These principles guide and help us make decisions as we work to create economic empowerment for the people of Southeast Asia.
Get to know the Team
Grabber Technology Services (GTS) aims to be a technology leader that provides predictive and seamless experiences to all Grab employees (Grabbers). We are a diverse team of technology practitioners looking to out-serve Grabbers with positive, personalised IT experiences. We are looking for individuals with similar customer-centric and innovative values to join our growing team.
Get to know the Role
The GTS Governance Specialist reports to the Governance Leader. The Governance team is the trusted IT Risk advisor and partner to ensure the appropriate IT Risk and controls are in place.
The Day-to-Day Activities
This role will:
Support the Governance Leader in the GTS Governance program to roll out the right level of IT controls required for the overall Grab and GTS IT Risk Management framework and processes.
Improve and maintain GTS IT Risk Management framework and processes, including alignment to Grab ERM framework and processes
Take the lead in the development, review and reporting of key IT risk exposures and metrics (e.g. KRIs and KPIs), and provide independent reporting on the IT risk posture or activities to the management team and stakeholders (e.g. second line of defence)
Conduct IT risk assessments; identify and assess IT risks, evaluate countermeasures and recommend effective controls to mitigate IT risks.
Monitor IT risks, map risk profiles and manage the IT risk register
Develop and maintain excellent working relationships with risk owners, and manage risks to minimize impact from incidents, breaches or non-compliance
Deliver technology risk oversight using data-driven risk reports and ensure maintenance of IT risk register
Identify and implement initiatives to promote and uplift the IT Risk Management culture in GTS
Conduct regular communication and refresher training to maintain a good level of IT risk awareness
Assist with the management and coordination of audits (e.g. IT SOX)
Perform ad-hoc independent thematic reviews on IT processes to uncover issues and follow through with the remediation action plan.
Provide ad-hoc due diligence and advice on IT Risk topics for Merger and Acquisition (M&A) as needed
At least 5 years of relevant experience in IT Governance, Risk Management and Controls
Deep expertise in Enterprise IT Governance including IT risk management and controls using COBIT (COBIT 5 or COBIT 2019) framework in highly regulated environments.
Excellent business acumen, commercial and analytical skills to negotiate and influence stakeholders.
Excellent problem-solving and critical thinking skills, and the ability to apply sound project management to assigned work.
Excellent communication (written, verbal and presentation) and interpersonal skills
Ability to work independently on semi-ambiguous tasks with limited supervision
CISM or CISA or CRISC certifications
COBIT 2019 Foundation Training
We recognize that with these individual attributes come different workplace challenges, and we will work with Grabbers to address them in our journey towards creating inclusion at Grab for all Grabbers.
Grab is an equal opportunity employer. We owe our success to the talents of our globally-diverse team and the varying perspectives they add to our thriving community.
Grab does not accept unsolicited resumes sent by recruiting agencies. Please do not forward resumes to our job postings, Grab employees or other parts of the business. Grab will not be liable to pay any fees to agencies for candidates hired as a result of unrequested resumes.