About TrueMoney
TrueMoney is a leading international fintech brand providing innovative payment and financial services across seven countries in Southeast Asia. With its user-friendly digital platform, extensive agent network, and comprehensive offline and online services, TrueMoney empowers millions of users to make easy, secure payments and enjoy a more convenient financial lifestyle.
Since its establishment, TrueMoney has grown to become the most popular digital financial application in the region, playing a central role in expanding access to financial services and improving quality of life for individuals and MSME communities.
TrueMoney is part of Ascend Money, a regional digital financial services company founded in 2013, which reached a major milestone by becoming Thailand's first fintech unicorn in 2021.
---
We are seeking a person in IT risk and operational risk who can work with a cross-functional team of technical and non-technical members (i.e., Security, Procurement, IT, Finance, Compliance and Legal) to help develop our third-party vendor risk evaluation process, so that vendor risk is aggregated effectively from vendor selection through the ongoing program.
Responsibilities:
- Implement the third-party vendor management policy and ensure that all activities and efforts are consistent with company policies and guidelines and aligned with regulatory guidance
- Design policies and procedures that support the successful implementation
- Provide recommendations to related teams on opportunities for risk mitigation based on established risk tolerance
- Establish the questionnaire, checklist, and risk score for the vendor evaluation process
- Partner with co-workers to coordinate the implementation of third-party controls and mitigation plan
- Perform ongoing reviews based on third-party risk factors, i.e., risk level, performance, complaints and issues
- Facilitate the assessment of new, and the review of existing, third-party inherent risk, using questionnaires to collect and document risk ratings
- Review completed risk assessments and confirm completion of due diligence prior to agreement signature
- Responsible for adhering to third-party risk metrics supporting completeness, accuracy, and timeliness of third-party risk activities
- Assist with gathering data and providing information during Internal Audit Reviews and Regulatory Examinations
- Support the design and implementation of third-party risk operating models, identifying, evaluating, and providing solutions to evaluate complex business and technology risks
- Drive continued operational and automation improvements to improve operational efficiency.
- Support ad-hoc data analysis
Qualifications
- 5+ years of IT Risk Management experience in banking, payment company or a related industry.
- Bachelor's degree in Information Technology, Computer Engineering, Management Information Systems, Computer Science or a related field.
- Knowledge and skills: IT risk management, IT security standards, Mobile Security Testing Guide (MSTG), business risk analysis, and making complex business/risk trade-off recommendations and decisions.
- Good knowledge and understanding of regulations and international standards such as ISO27001, ISO31000, COBIT 5 for Risk, etc.
- Certifications such as Certified in Risk and Information Systems Control (CRISC), ISO27001 ISMS Lead Auditor IRCA, or ISO27001 ISMS Lead Implementer are an advantage.
- Good consulting skills; able to work under pressure or manage multiple assignments simultaneously to provide deliverables on time.
- Experience developing and refining technical or mobile digital developer or business operational processes.
- Ability to communicate clearly with technical and non-technical teams across multiple businesses; written, verbal, presentation, and interpersonal skills.
- Effectively manage multiple projects and priorities in a fast-paced, deadline-driven environment.
- Works effectively as an individual and part of a team.
- Strategic thinker with the ability to see/understand the big picture.