Job Description

:

• Leadership in providing independent insights, analysis and reporting of technology risk themes to Senior Management and the Board.
• Lead & Manage the ongoing development and execution of Independent Assurance and Validation of compliance to applicable Regulatory Technology Risk Management policies and approved Group Technology Risk Management framework across all group entities, businesses and functional lines.
• Govern the effective implementation and governance of the Technology Risk Management and Group NFRM framework and policies across the Group Entities and countries.

Job Responsibilities

• Overseeing and providing constructive challenge to the 1st Line of Defense\'s execution and implementation of the Operational Risk Management and Technology Risk Management\'s Policy and Procedures.
• Collaborate with GT Governance team (1.5) to facilitate the effective execution of ORM policies, process, procedures and improve the effectiveness of ORM tools execution by 1st Line of Defense.
• Analyze and correlate information surfaced in the various ORM tools and form independent risk views on technology risk trends, thematic issues and emerging risks to look out within the Group.
• Lead discussions with GT Units on technology risk trends, thematic issues and emerging risks.
• Lead and perform Independent Risk Assessments to ensure effectiveness of controls and GT units are in compliance to the Operational Risk Management Framework, Technology Risk Management Framework, Cyber Resilience Framework and polices as well as BNM\'s RMiT Policy.
• Working closely with GT Unit\'s Risk Control Officer (RCO) &/or DCORO to ensure key technology risks are identified, mitigated and monitored.
• Collaborate with Group Corporate Assurance Division (GCAD) on technology audit reviews to provide 2nd Line of Defense feedback from technology risk perspective.
• Provide advisory and guidance to business units in compliance to ORM Framework and TRMF.
• This role will support the CISO and Group Head of Technology Risk Management to execute the technology risk priorities.
• Overseeing and providing constructive challenge to the 1st Line of Defense\'s execution and of the Operational Risk Management Policy and Technology Risk Management Framework.
• Analyze and correlate information surfaced in the various ORM tools and form views on technology risk trends, thematic issues and emerging risks to look out within the business
• Ensure GT units are in compliance to the Operational Risk Management Framework and Policy, Technology Risk Management Framework and Policy and BNM\'s RMiT Policy.
• Design and implement assurance programs for the Key Technology Risk Areas, and provide measurements and insights into the hotspots for senior management attention.
• Prepare monthly IT Risk Assurance Summary Dashboard for reporting to senior management and boards.
• Validation of ShARP System Tools (CIM/LED/KRI/RCSA).
• Validate risk assessments of outsourcing of technology / systems, and provide guidance on the 1.5 LOD governance over the vendor\'s responses in TRM checklist.
• Provide independent assurance program for compliance to Regulatory and Group Technology Risk Management policies and controls across all group entities.
• Oversee and participate in NFRM projects, as required.
• Lead discussions with GT Units on technology risk trends, thematic issues and emerging risks.
• Working closely with GT Governance and GT Unit\'s Risk Control Officer (RCO) &/or DCORO to ensure key operational risks are part of existing GT Unit RCSA\'s and improve the effectiveness of ORM tools execution by 1st Line of Defense.
• Lead and execute the Independent Risk Assessment program with GT Governance.

Job Requirements

• Possess a Bachelor Degree in IT or relevant from any reputable University
• Relevant Certifications, e.g: - Certified Information Systems Auditor (CISA) / Certified in Risk and Information Security Control (CRISC) / ISO 27001 Lead Auditor
• Preferably in Banking: - Technology Risks, Compliance or Audit / Project Management / Fraud Investigation / Third Party / Operational Risk

**Only shortlisted candidates will be notified

CIMB