ROLE PURPOSE

Technology GRC Specialist will be responsible for supporting and executing the governance, risk, and compliance activities across Technology streamline within Technology division. This role ensures that technology systems, processes, and services comply with internal policies, regulatory requirements, and industry standards. The specialist works cross-functionally to identify IT risks, support risk assessments, track compliance, and facilitate audits, while helping to embed a risk-aware culture across the organization. 

KEY RESPONSIBILITIES

• Perform risk assessments for IT systems, processes, and projects to identify and evaluate technology related risks
• Monitor compliance of internal technology controls, IT policies, regulatory requirements (e.g., ISO 27001, NIST, GDPR), and external audits
• Support the development, maintenance, and implementation of IT governance frameworks and risk management procedures
• Facilitate and track remediation of audit findings, risk treatment plans, and control gaps
• Assist in managing the IT risk register and ensure timely updates and reporting
• Collaborate with security, infrastructure, and application teams to assess risk impact and control effectiveness
• Support business continuity and disaster recovery planning, testing, and documentation
• Prepare reports and dashboards for IT risk posture, compliance status, and key metrics for stakeholders and leadership
• Conduct training and awareness programs related to technology risks

Education & Special Training

Essential 

• Bachelor’s degree in Computer Science, Information Technology, or a related field

Desirable 

Relevant certifications in Technology GRC (e.g., CISA, CRISC, CGEIT) are highly advantageous 
Experience

Essential  

• Minimum of 3 years of experience in IT governance, risk management, compliance, or audit
• Strong understanding of IT controls frameworks such as ISO 27001, NIST, COBIT
• Experience with IT risk assessment methodologies and compliance tracking tools
• Knowledge of regulatory requirements relevant to the industry
• Excellent communication, documentation, and stakeholder engagement skills

Desirable 

• Experience in the financial or banking sector 

Knowledge & Skills

• Proficiency in technology risk management frameworks and methodologies
• Familiarity with enterprise IT environments including cloud, DevOps, and third-party risk management 
• Understanding cybersecurity principles and best practices
• Expertise in IT infrastructure and operations management
• Leadership and people management skills
• Strong communication and interpersonal skills
• Ability to manage multiple priorities and projects simultaneously
• Strategic thinking and problem-solving abilities
• Strong analytical and decision-making skills
• High level of integrity and professionalism
• Ability to work under pressure and meet tight deadlines

Languages

• Excellent verbal and written communication skill; both in Myanmar and English