Senior Technology Risk Specialist (IT Audit / GRC)

Role Overview

This role supports technology and application risk management across projects and BAU environments. The focus is on identifying risks early, advising stakeholders throughout the project lifecycle, and ensuring risk and control considerations are embedded before systems go live. The role combines hands-on risk assessment with advisory engagement across IT, business, and vendors in a regional MNC environment.

Key Responsibilities

  • Perform technology and application risk assessments, with emphasis on identifying risks early in the project lifecycle and prior to application go-live.
  • Provide risk and control advisory support to project teams, IT, and business stakeholders throughout system implementation, enhancement, and deployment phases.
  • Support IT audit and assurance activities, including planning, execution support, remediation tracking, and follow-up reporting.
  • Identify potential technology and cybersecurity risks across applications, systems, and third-party arrangements, and recommend practical risk treatment options.
  • Engage with vendors and third parties to assess risk exposures and support vendor risk management activities.
  • Collaborate closely with IT, security, compliance, and business teams to ensure risk controls are appropriately designed and implemented.
  • Monitor, track, and report on risk issues, audit findings, and remediation progress to relevant stakeholders.
  • Participate in risk reviews, governance forums, and security assessments as required.
  • Support initiatives involving alignment of risk frameworks and processes across regions or entities following organisational changes or acquisitions.

Requirements

  • Bachelor’s degree in Computer Science, Information Security, or a related discipline.
  • Minimum 5 years of experience across technology risk, IT risk, IT audit, cybersecurity, or related domains.
  • Practical experience in:
      • Application and system risk assessment
      • IT audit or assurance activities
      • Enterprise / IT risk management
  • Solid understanding of technology and cybersecurity risk principles, controls, and governance practices.
  • Experience operating in large enterprise or multinational environments is strongly preferred.
  • Familiarity with common standards and frameworks such as ISO 27001, NIST, COBIT, or equivalent.
  • Strong communication skills with the ability to engage effectively with both technical and non-technical stakeholders.
  • Clear written and verbal communication skills, with a practical, business-focused approach.
  • Fluent in English.

Job Type: Contract (12 Months Renewable)
Job Location: Petaling Jaya