Role
The Day-To-Day Activities
1. Governance Framework & Policy Management
• Develop, implement, and maintain technology governance frameworks, policies, standards, and guidelines.
• Lead periodic policy reviews to ensure alignment with regulatory requirements and best practices (ISO 27001, COBIT, ITIL, NIST).
• Facilitate governance forums, steering committees, and approval processes.
2. Risk & Compliance Oversight
• Lead and coordinate technology-related risk assessments (IT, network, cybersecurity, cloud, operational).
• Ensure timely remediation of risk treatments and audit findings.
• Drive regulatory compliance activities (e.g., PDPA, MCMC, ISO certifications).
• Identify emerging risks and evaluate effectiveness of existing controls.
3. IT Controls, Internal Audit & Third-Party Audit Assurance
• Establish, maintain, and monitor IT General Controls (ITGC), cybersecurity controls, and network controls.
• Lead periodic internal control testing cycles and evaluate control effectiveness across IT and network domains.
• Support internal audits by preparing evidence, coordinating with control owners, responding to audit queries, and ensuring timely closure of findings.
• Coordinate third-party audits (regulatory audits, ISO 27001 audits, security assessments, vendor audits), including planning, evidence management, walkthroughs, and remediation tracking.
• Oversee governance of outsourced/managed services to ensure contractual and security compliance.
• Provide assurance over critical technology processes such as access management, change governance, configuration standards, and incident response.
4. Change, Incident & Problem Governance
• Oversee governance of technology changes, ensuring risk-based evaluation, testing, documentation, and approval compliance.
• Review high-impact incidents and root cause analysis (RCA) reports to ensure governance and control adherence.
• Monitor trends in incidents and changes to drive process improvements and prevent recurrence.
5. Technology Risk Reporting & Stakeholder Engagement
• Prepare governance dashboards and reports for senior leadership, risk committees, and the Board.
• Act as the primary liaison for auditors, regulators, and internal stakeholders on governance matters.
• Conduct briefings and training sessions for IT, network, and cybersecurity teams on governance requirements.
6. Project & Investment Governance
• Oversee governance compliance for technology initiatives and digital transformation projects.
• Ensure security and risk assessments are integrated into project lifecycles.
• Validate that secure-by-design principles are aligned with enterprise architecture and governance frameworks.
7. Continuous Improvement & Governance Culture
• Promote a culture of accountability, compliance, and governance excellence across technology functions.
• Identify opportunities to streamline governance processes without compromising risk posture.
• Lead awareness sessions and campaigns related to governance, policy compliance, and risk ownership.