Job Description

DescriptionPrimary Objective:We are seeking a highly experienced and dynamic individual to join our team as the Head, Operation Resilience of Third-Party Risk Management (TPRM) and Outsourcing. This role will be responsible for overseeing the development, implementation, and management of comprehensive third-party risk management and outsourcing strategies across the organization. Main focus will be on enhancing the organization\'s resilience to disruptions, sustaining critical operations, and effectively managing risks. Additionally, you will be tasked with providing objective analysis, data, and recommendations to senior management, as well as coordinating and implementing internal and regulatory standards for IT service delivery, business continuity, and resilience.Key Responsibilities:Third-party Risk Management and Outsourcing

• Develop a comprehensive framework, policies, and procedures to effectively manage the risks associated with third-party relationships and outsourcings.
• Take the lead in continuously assessing and conducting due diligence on the resilience of third-party vendors, including reviewing and validating their business continuity plans to ensure they meet the requirements of the organization.
• Serve as a subject matter expert on TPRM and outsourcing matters, keeping abreast of emerging trends, regulatory developments, and industry benchmarks.
• Regularly assess the risks associated with third-party vendors to ensure they comply with both regulatory and organizational standards.
• Drive continuous improvement initiatives by evaluating and enhancing data analytics capabilities to optimize the efficiency and effectiveness of Third-Party Risk Management (TPRM) and outsourcing processes.
• Implement a monitoring and reporting system that includes performance metrics, key risk indicators (KRIs), and reporting dashboards to oversee and track third-party relationships.
• Develop and maintain an incident response plan and protocols to effectively address any incidents, breaches, or disruptions related to third-party vendors.
• Provide support to business and functional areas to ensure consistent identification and assessment of third-party risks in accordance with the established framework, policies, and procedures.
• Collaborate with cross-functional teams to conduct risk assessments, identify potential gaps or vulnerabilities, and implement remediation plans as necessary.
• Partner with internal stakeholders, including Legal, Compliance, IT, and Procurement, to drive a culture of risk awareness and accountability across the organization.
• Utilize data analytics tools and methodologies to collect, analyze, and interpret relevant data for the purpose of identifying trends, patterns, and insights related to third-party risk exposure and performance.

Stakeholder Management and Reporting

• Create and deliver actionable management reports on third-party risk, encompassing operational resiliency, metrics for business continuity management, testing outcomes, and incident response actions.
• Interact with senior stakeholders to effectively communicate operational resiliency concerns and offer guidance and suggestions.
• Provide periodic risk management reports to the group risk committee and board risk committee.

Additional Job Responsibilities:Operational Resiliency and Business Continuity Strategy

• Play a pivotal role in ensuring the Group\xe2\x80\x99s operational resilience and business continuity planning strategy remains robust and compliant with industry standards and regulatory requirements.
• Identify potential threats and vulnerabilities to critical operations, devising proactive strategies to mitigate risks effectively.
• Conduct thorough assessments of Business Impact Analysis (BIA), Risk Assessment (RA), and Business Continuity Management (BCM) prepared by different business units and functional areas.
• Provide hands-on support and review the outcomes of testing for Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP) to guarantee their efficacy.
• Serve as a key resource during crisis situations, offering guidance and support to facilitate swift response and recovery efforts.
• Collaborate closely with external stakeholders, including local authorities and suppliers, to ensure the Group\xe2\x80\x99s crisis response aligns seamlessly with local laws and regulations.

RequirementsRequirements:Candidates possess Bachelor in Information Technology or equivalentPreferred level of Experience (by years/function/industry):

• Minimum of 8 years\xe2\x80\x99 experience in Banking including at least 5 years in regulatory frameworks for business continuity management, crisis management, third-party risk and IT disaster recovery in a financial institution or equivalent
• In depth experience of third-party risk management, outsourcing, and vendor management in the supply chain knowledge and best practices, experience with working and implementing outsourcing regulations is desired (i.e., BNM, MAS, BOT)
• Exhibit technical proficiency in areas such as IT infrastructure, cybersecurity, Cloud, and data management.
• Strong leadership, planning & organization, people management and relationship building skills
• Excellent analytical, oral and written skills
• Strong knowledge of risk management frameworks, methodologies, reporting and regulatory requirements.
• Strong oral and written communication skills.

Technical experience:Experienced in establishing, executing, and maintaining risk-based framework, procedures and measures to manage disruptions affecting business and IT functions in at least three or more of the following areas:

• Third Party Risk Management and Outsourcing
• Business Continuity
• IT Disaster Recovery
• Crisis Management
• Operation Resilience
• Governance and Assurance
• Understanding of and experience in applying ISO 22301, ITIL v3, DRI International (DRII) or Business Continuity Institute (BCI) professional practices

Other desirable traits which will be an added advantage:

• Experience in creating and defining new operational models and procedures and explaining complex problems or situations.
• Knowledge of operational resilience best practice and regulatory developments
• Technology risk management.
• IT infrastructure management (e.g., network and databases)
• IT operations (e.g., data centre management, backup, batch processing, incident, and problem management).
• Cybersecurity (e.g., RMIT, NIST framework, security operations, third-party security assessment)
• Comprehensive understanding of Cloud principles, architecture, and services (e.g., SaaS, IaaS and PaaS).

Proficiency in core banking software, system administration, database management and platform.BenefitsDental, Education support, Miscellaneous allowance, Medical, Loans, Sports (e.g. Gym), Parking, Vision, Regular hours, Mondays - Fridays, Casual Business Wear, Performance Based Rewards

RHB Bank