Cyber Security Analyst

Job Title:

Notice Period: 0 - 30 Days

Work Mode: Hybrid

Interview Mode: 1st round is Virtual interview & 2nd round is F2F is Must

Position Purpose:

The IT Risk and Control Analyst plays a critical role in strengthening the risk culture within WMIS by driving the adoption of IT Risk frameworks, ensuring regulatory compliance, and reducing IT-related risk exposure. This role exists to proactively identify, assess, and monitor IT risks, perform IT control assessments, and report risk metrics to senior stakeholders. The position directly supports the APAC region and contributes to global risk visibility and risk mitigation initiatives.

Responsibilities:

Direct Responsibilities:

1. IT Risk Management

• Identify, assess, and monitor IT risks related to WMIS activities.
  
• Record and maintain risk registers; provide regular reporting.
  
• Oversee the execution and monitoring of risk mitigation plans.
  
• Assess IT risks across the project lifecycle and track until resolution.
  

2. IT Control

• Conduct IT control testing aligned with the Groups internal control framework.
  
• Monitor corrective action plans arising from control deficiencies.
  
• Ensure compliance with group-wide control standards.
  

3. Shadow IT Governance

• Maintain and assess the Shadow IT inventory for the APAC region.
  
• Coordinate assessments to ensure non-compliant IT assets are identified and managed.
  

4. Operational Incident Risk Management

• Evaluate operational risks from production and project-related incidents.
  
• Ensure proper recording, escalation, and handling of incidents.
  
• Maintain historical records for risk measurement and trending analysis.
  
• Contribute to lessons learned and prevention measures.
  

5. Reporting

• Generate timely and accurate IT Key Risk Indicator (KRI) reports for regional and global management.
  
• Contribute to management dashboards and executive summaries of IT risk posture.
  

Technical & Behavioral Competencies:

• Deep understanding of

  IT Risk Management

  principles and practices.
• Familiarity with

  IT System Development Life Cycle (SDLC)

  methodologies.
• Strong knowledge of

  banking industry IT systems

  and compliance requirements.
• Proficiency in

  Microsoft Office Suite

  , especially Excel and PowerPoint.
• Experience with

  ServiceNow GRC

  or other GRC platforms (preferred).
• Excellent communication skills in

  English

  (both written and verbal).
• Strong

  interpersonal, coordination, and analytical

  abilities.
• Team-oriented with a collaborative mindset.
  

Value-added Competencies

• High integrity and confidentiality in handling sensitive information.
• Awareness of

  data governance

  ,

  data protection

  , and relevant regulatory frameworks (e.g., MAS, GDPR).
• Strong management reporting capabilities.
• Ability to respond to ad hoc executive requests with agility and precision.
• Understanding of

  risk measurement metrics

  and dashboards.

Qualifications

• Bachelors Degree in

  Information Technology

  , Computer Science, or related field.
• 10 to 15 years of relevant experience in

  IT Risk Management, IT Audit

  , or

  IT Security

  , preferably in a

  banking environment

  .
• Risk Management certifications such as

  CRISC

  ,

  ISO 31000

  ,

  CISA

  , or equivalent are preferred.
• Experience with

  project management

  is a plus.