Job Description

General Description:

• As the Manager of Information Security and Digital Risk Management (ISDRM), you will be responsible to support the 2nd line governance and oversight of information security and digital risks (technology, information, and cyber) within the OCBC Malaysia. The primary role would be to supporting CISO/ Head of Information Security & Digital Risk Management providing 2nd line defense roles for cyber, information security and digital risk management.

• Support risk governance and oversight activities and provide effective challenge to strengthen the effectiveness of technology, information or cyber risk in Group, such as risk mitigation programs.
• Perform regular risk monitoring and management reporting on risk posture to management.
• Support the review and enhancement of controls for existing banking services against emerging technology, information and cyber risks.
• Support risk advisory service, including recommendation of risk mitigation options, on technology, information and cyber risks associated with new banking services, fintech initiatives, outsourcing-related arrangements, regulatory and legal guidelines.
• Support bank-wide initiatives to facilitate management of applicable legal & regulatory requirements (e.g., BNM RMiT, MCIPD, PDPA).
• Collaborate with Business Users in assessment of cyber and information security related risks prior rolling out new products or services.
• Support and uplift the bank-wide technology, information and cyber risk awareness and training program.
• Facilitate collaboration effort with Group on Social Engineering Testing Programme.
• Keep abreast of new technologies and related risks, industry trends, and regulatory requirements relating to technology, information & cyber security.

• Degree in Computer Science or equivalent technical degree.
• Relevant professional certifications (e.g., CompTIA Security+, CASP, ITIL, CRISC) would be advantageous.
• At least 1 year experience in technology, information or cyber risk management, information security or IT audit within the financial services industry.
• Proficient in risk management, IT governance, IT audit, information & cyber security standards.
• Good written and communication skills, as well as solution oriented.
• Ability to contribute through others, collaborate well across seniority, cultures, and locations.
• Proactive and able to work well under pressure or tight deadlines.

OCBC Bank