8/11/2019 Duties Manager,Audit Risk

1/1

1. Duties for the post of Manager, Audit Risk

1 To assess the likelihood of the risks identified that could materialize and their impact.

2 To design and implement processes by which identified risks can be managed and mitigated.

3 To provide solutions how to reduce the incidence of the risk identified materializing.

4 To set up an effective risk management and control processes.

5 To provide assurance that the processes and key risks are being effectively managed.

6 To continuously develop policies and procedures on risk and control.

7 To quantify the cost of operating particular controls relative to the benefits obtained in managing the related risks.

8To explore strategies to be adopted to reduce the incidence and impact on MPA of those risks that domaterialize.

9 To monitor the IT system and ensure that software implemented are reliable to provide relevant information toManagement for good decision making.

Information Security Officer Duties

10 To coordinate the development of MPA information security policies, standards and procedures

11To work with key IT office, data custodians and governance groups in the development of such policies,standards and procedures

12 To ensure that MPAs policies support compliance with external requirements

13 To oversee the dissemination of policies, standards and procedures.

14To coordinate the development and delivery of an education and training programme on information security andprivacy matters for employees, and other authorized users.

15 To serve as MPA compliance officer with respect to information security policies and regulations.

16To develop and implement an Incident Reporting and Response System to address security incidents (breaches)and to respond to alleged policy violations, or complaints from external parties

17To serve as the official contact point for information security, privacy and copyright infringement incidents,including relationships with law enforcement entities

18To develop and implement an ongoing risk assessment program targeting information security and privacymatters

19 To recommend methods for vulnerability detection and remediation

20 To oversee vulnerability testing

21 To represent MPA on Information Security matters

22To keep abreast of latest security and privacy legislation, regulations, advisories, alerts and vulnerabilitiespertaining to the MPA and its mission

23 To participate actively in MPA Disaster Recovery Planning

24 To ensure that staff of the department are properly trained

25 To assist in the implementation of a performance management system

26 To be fully responsible and accountable in respect to successful implementation of projects falling under thepurview of the department and more specifically with respect to:(i) timely completion of project;(ii) adequacy in the fulfillment of the terms of contract;

(iii) monitoring and reviewing of Contractors Performance and Compliance;(iv) periodic reporting with particular attention to identifying and addressing timely and appropriately any sub-standard performance or deviation;

(v) monitoring of budget and actual costs of project and reporting of any variation.

27 To coach, guide and mentor all staff in his/her department

28 To play an active role in promoting safety and security at the MPA

29 To adhere to and promote MPAs corporate values

30 To contribute to the enhancement of the Port Environment