Job Description

: Job Purpose *
To assist the Group Technology (GT) - Third Party Risk MY office to facilitate the operationalization of the Third-Party Risk Management (TPRM) Framework within Group Technology. This is to ensure proper controls are in place in respect to third party risk management and standardising the process and procedures. Apart from that, will also provide guidance to all GT Service Owners (SOs) / Services Recipients (SRs) on the processes / procedures throughout the period of engagement with respective third parties until discontinuation of the arrangement or termination (if required).The aim is to enforce a standardize manner to have strong oversight in managing risk associated with third parties within the approved risk appetite to mitigate risks which potentially could results in disruptions to business operations, financial loss or reputation damage.
Key Responsibilities *

• Facilitate the following processes and become the liaison between GT and Group Non-Financial Risk Management-Third Party Risk Management (GNFRM-TPRM) as part of the TPRM Framework operationalization:
• Ensuring the respective GT SOs/SRs to provide the updated declaration of third-party arrangement and declaration of the materiality evaluation and business risk assessment for each arrangement and perform first level review to ensure appropriate information are stipulated as per required by GNFRM-TPRM with necessary approval / sign-off
• To consolidate and ensuring continuous updates to the list of third parties within GT and the relevant information on respective arrangement as per specified in the Register of Third-Party Arrangement
• Consolidate yearly Third-Party Arrangement Plan covering new and existing arrangement
• Coordinate with empanelled consultants to perform respective due diligences based on the materiality, criticality and business resiliency of each third parties and track the subsequent periodic due diligences
• Review and track the relevant findings from the due diligences and remediations and controls proposed by the empanelled consultants. Subsequently to sync up with GNFRM-TPRM on next course of action
• Under certain circumstances, to support the due diligences when required depending on the workload and scope (where relevant)
• Provide guidance on the processes and procedures to respective GT SOs/SRs
• Assist in the preparation of reporting to relevant stakeholders or committees on the progress and status of the operationalization of the TPRM Framework
• Collaborate with the relevant stakeholders to achieve the above with GT Vendor Management, GNFRM-TPRM, Group Strategic Procurement and other entities that are relevant as part of third-party risk management
• Continuously provide relevant processes or procedures improvement and to update the relevant SOPs to ensure efficiency and effectiveness

Note: Key responsibilities may not be limited to the above and may subject to change based on new requirements such as regulatory requirements, management discretions, process improvement etc.
Job Specification *Qualifications(Basic Degree/Diploma etc.)

• Bachelor's degree in information technology or a related study, or equivalent experience in third party risk management, technology audit or compliance.

Professional Qualification and/or Regulatory, Licensing requirements

• Knowledge of regulatory requirements such as BNM RMiT and BNM Outsourcing Policy Document

Relevant Work Experience

• Minimum 4 - 6 years in third party risk management preferably in the banking industry or in technology audit or compliance

Required Competencies and Skills *Competencies/Skills(Essential to succeed in this job)

• Highly result oriented and able to work independently.
• Ability to build relationships and interact effectively with internal and external parties.
• Strong analytical and able to make decisions, exhibit sound and accurate judgment and recommending remediation and controls based on the industry best practices.
• Good understanding on the third party and its arrangement from the aspects of materiality, criticality, risks, remediations and controls and the ability to align to these throughout the risk assessment / review.
• Strong written and verbal communication skills, interpersonal skills, and the ability to interface effectively

CIMB