Facilitate the implementation of the annual Information Technology Risk and Control Self-Assessment (ITRCSA) and Technology Risk Materiality Assessment for InnovestX Technology Group.
Continuously monitor information technology risk through the development and analysis of monthly Key Risk Indicator (KRI) reports.
Provide expert consultation and conduct reviews of bottom-up information technology risk assessments performed by business units (First Line of Defense) across defined business processes (e.g., Temporary Exception Process, Information Technology Third-Party Risk Management, Information Technology Project Management).
Proactively identify potential, emerging, and significant information technology-related risks.
Develop and recommend effective control measures to mitigate identified risks.
Oversee and conduct control testing to ensure operational effectiveness.
Organize and coordinate ad hoc meetings with relevant teams to address and resolve critical information technology risk issues.
Maintain and update the InnovestX technology risk profile, ensuring alignment with established INVX risk appetite and tolerance levels.
Define and implement enterprise risk governance and management frameworks at strategic, tactical, and operational levels, aligned with organizational business objectives; translate these into actionable risk governance/internal control principles and policies; and delineate associated risk management activities.
Facilitate and support SCBX Group and regulatory assessment activities, including SCBX CyberCOE Maturity Assessment, SCBX Technology Risk Maturity Assessment, and Bank of Thailand/Securities and Exchange Commission (BOT/SEC) annual audits.
Qualifications
Bachelor's or Master's Degree in Information Technology, Computer Engineering, Cyber Security, or related fields
Experience in IT Risk Management, Cyber Security, IT Auditing, or Technology Governance
Experience in the Financial Services industry is preferred
Professional certifications such as AWS Security Specialty, CISSP, CISA, or CRISC
Knowledge of ISO 27001, COBIT, COSO, and IT Risk Management frameworks
Understanding of Network Security, Cloud Security, and Enterprise Architecture (TOGAF)
Core Competencies
Strong analytical and critical thinking skills
Ability to work collaboratively across teams and functions
Good communication and stakeholder management skills