Requirements :
• The consultant will work onsite at XL Axiata (XLAT) office
• The consultant must have excellent knowledge and experience in IT General Control (ITGC) and Risk Management.
• The consultant must have at least 10 years of experience in IT Operational Risk and/or IT Audit.
• The consultant must have certification in the relevant field such as CRISC, ITIL, COBIT or CISA.
Statement of Work (SOW) :
1. IT Risk Control Framework Development and Implementation
The consultant will develop and implement an IT Risk Control Framework tailored to the client’s specific environment. This will include:
* Risk Assessment and Identification
* Defining risk appetite and tolerance levels
* Developing risk mitigation strategies and controls
* Implementing controls to reduce the likelihood and impact of risks
* Documenting the framework and associated policies and procedures
* Risk Monitoring and Reporting
* Risk Control Testing
2. Policy and Procedure Development
The consultant will develop IT Governance Framework, IT policies, Standard Operating Procedures (SOPs), Standard Utilization Procedures (SUPs) and Form/checklist to ensure alignment with the IT Directorate business objectives, IT General Control, IT Risk Control Framework, and industry best practices.