Job Description
About TrueMoney

TrueMoney is a leading international fintech brand providing innovative payment and financial services across seven countries in Southeast Asia. With its user-friendly digital platform, extensive agent network, and comprehensive offline and online services, TrueMoney empowers millions of users to make easy, secure payments and enjoy a more convenient financial lifestyle.

Since its establishment, TrueMoney has grown to become the most popular digital financial application in the region, playing a central role in expanding access to financial services and improving quality of life for individuals and MSME communities.

TrueMoney is part of Ascend Money, a regional digital financial services company founded in 2013, which reached a major milestone by becoming Thailand’s first fintech unicorn in 2021.

We seek a person who can work with a cross-functional team of technical and non-technical key stakeholders to effectively aggregate risk data to consistently drive decision-making, track risk mitigation, and strengthen our risk management program.

Key tasks include:
- Participate in the IT Risk and Control Self-Assessment (RCSA), IT Key Risk Indicators (KRIs) and Control Framework (CF).
- Review and maintain the IT Risk Management Policy and 3rd Party Risk Management Policy with related Standards, Guidelines, and Operating Procedures.
- Provide IT Risk Advisory Service on IT projects in a manner to address the current risks and supervise the proper controls to mitigate risk by complying with internal and external regulations and laws. Also prepare reporting for internal meetings, i.e. Committee, BOD.
- Implement IT risk assessment and support IT and business units in conducting IT-related self-assessments, such as for IT projects, Cloud, DLP, Mobile Digital applications projects, or related projects.
- Measure process or control IT risk to inform business/product and program level IT risk assessment.
- Make recommendations to related teams on opportunities for risk mitigation based on established risk tolerance.
- Build and maintain strong and positive working relationships and effective means of communication with other risk associates, including IT Risk Management, Operational Risk Management, Data Risk Management, and so on.
- Provide subject matter expertise on information security of the IT risk management framework.
- Establish IT risk governance (based on regulations) and credibility, and maintain strong working relationships with technical and non-technical teams involved with information security matters (Legal, Business, Product Fraud, Security, Networking, Systems, etc.).
- Establish innovative metrics and regular reporting mechanisms for measurement of risk activity.
- Monitor new and/or updated IT / cybersecurity laws, regulations, and international standards, and review the existing Information Risk Policy and related minimum standards to identify gaps and propose the required action plans.
- Be the coordinator and provide support to the Compliance and Internal Audit functions in the annual self-assessment programs and/or IT audits.
- Be the coordinator and provide support to the regulators, e.g., Bank of Thailand (BOT), to the Compliance team, and to the external auditors in the independent reviews.
- Develop and execute communication and marketing strategies to promote a culture of risk management.
- Drive continued operational and automation improvements to improve operational efficiency.
- Support ad-hoc data analysis and other assignments.

Qualifications
- 5+ years of IT Risk Management experience in banking, a payment company or a related industry.
- Bachelor’s degree in Information Technology, Computer Engineering, Management Information Systems, Computer Science or a related field.
- Knowledge and skills: IT risk management, IT security standards, Mobile Security Testing Guide (MSTG), business risk analysis, and making complex business/risk trade-off recommendations and decisions.
- Good knowledge and understanding of regulations and international standards such as ISO27001, ISO31000, COBIT 5 for Risk, etc.
- Certified in Risk and Information System Control (CRISC), ISO27001 ISMS Lead Auditor IRCA, or ISO27001 ISMS Lead Implementer is an advantage.
- Good consulting skills; can work under pressure or manage multiple assignments simultaneously to provide deliverables on time.
- Experience developing and refining technical or mobile digital developer or business operational processes.
- Ability to communicate clearly with technical and non-technical teams across multiple businesses; written, verbal, presentation, and interpersonal skills.
- Effectively manage multiple projects and priorities in a fast-paced, deadline-driven environment.
- Works effectively as an individual and as part of a team.
- Strategic thinker with the ability to see/understand the big picture.

Preferred Qualifications
- Manager level; written and verbal English skills.
- Leadership, teamwork and collaboration skills.
- Track record of being detail-oriented with a demonstrated ability to self-motivate and follow through on projects.
- Ability to solve problems and bring clarity to ambiguous situations.
- Analytical and quantitative skills to use hard data and metrics to back up assumptions and develop business cases.