Senior Internal Control Analyst, IT Risk, SG
JERA Global Markets
- Singapore
- Permanent
- Full-time
- Ensure an appropriate and tailored IT risk framework is in place and aligned with the overall IC framework;
- Proactively identify IT control gaps and work closely with IT team on the risk mitigations plan and documentation;
- Conduct reviews on the privilege ID usage, ETRM and Finance systems' user access rights to ensure adherence to access controls standards;
- Provide support on IT risk and control type of initiatives, including new system implementation and significant system change projects to ensure that proper controls are considered and included at the design-phase;
- Ensure an optimised set of business process maps is in place and aligned with the system controls;
- Lead and conduct IT related control gaps/incidents reviews, including root cause analysis, identification of mitigating controls, follow-up on the remediation actions;
- Proactively identify control and process improvement initiatives and drive continuous improvement in the organization;
- Provide internal control guidance and support to commercial and functional teams in managing the operational risks, and ensuring the quality and consistency of the internal procedures from an IC perspective;
- Coordinate the Operational Sign Off process for all new business activity/product and tracking action items signed off by relevant functions;
- Perform daily controls monitoring and review;
- Compile and prepare key risk indicator report on a monthly and ad-hoc basis;
- Ensuring consistency of IC approach across the whole JERAGM;
- Coordinate and ensure key JERA GM policies and procedures are updated annually and are aligned to our Parents' Internal Control requirements;
- Provide assistance to both internal and external audits, including J-Sox reporting, and ensure timely completion of all open actions.
- Minimum of 5 years relevant industry experience in risk and control management within IT or IT audit
- Broad exposure to a range of diverse technology, security concepts, tools, and methodologies
- Experienced in reviewing technology domains across infrastructure, applications, cyber security, cloud technology, IT governance processes
- Experience in IT incident investigation and reporting
- Experience in an energy/commodities trading environment, or related regulatory environment will be an advantage
- Experience in Sarbanes-Oxley/J-Sox reporting preferred
- Minimum a degree in Computer Science, Information Systems/Security, Business Management or its equivalent, with professional certification in security and controls
- Knowledge of Application Security frameworks and standards
- Competent in the full suite of MS Office packages specifically Word, Excel, Visio PowerPoint applications.
- Competency in use of data analytics and visualization tools (e.g. Power BI, Python, SQL, ACL, Alteryx, Tableau) is a considerable advantage.
- Knowledge of Allegro, SUN, CubeLogic, ZEMA and IMOS would be an advantage
- Strong control mindset and excellent analytical skills
- Demonstrate strong ability to pick up knowledge and conduct reviews on new emerging technology domains.
- Good communication (both written and verbal) and influencing skills, with ability to engage and network with stakeholders at different levels
- Self-starter, who can work with minimal supervision and a positive attitude
- Ability to effectively prioritize multiple projects and meet deadlines to produce high quality work in a very fast paced environment
- Willing to learn and take new challenges with an open mind
- Strong team-player who is flexible and proactive