Technology Risk Lead, Digital Bank

The Boost-RHB consortium is building towards a Digital Bank, where we strive to make innovative financial services such as these convenient, transparent, and most importantly accessible to anyone and everyone. We want to enable better living for our customers through our inclusive financial services that can universally serve and be embedded in their daily lives.

The Technology Risk Manager in the Boost DigiBank is responsible to establish, manage and review the technology risk governance and risk management together with its related control mechanisms. The role is placed as second line role in accordance to 3 line of defense model in risk management which it requires to facilitate risk management, monitor, independently review and challenge the risk identification & management performed by the first line.

Responsibilities:

• Formulate and facilitate the implementation of Technology Risk Management Framework (TRMF) and Cyber Resilience Framework (CRF) which are aligned to Enterprise Risk Management Framework
• Define and review the technology risk policies, standards and guidelines for Boost DigiBank commensurate with the latest law & regulatory requirements, enterprise risk exposure and appetite
• Review of technology risk governance, processes and control mechanisms to ensure its relevancy with the business and compliance requirements
• Facilitate the identification, assessment (including RCSA), management, and reporting of technology risks in alignment with ERM reporting and processes
• Provide supplementary technology risk assessments tools/template in facilitation of risk management
• Work closely with ERM in performing risk workshop and risk culture awareness
• Develop appropriate technology risk appetite (tolerance levels) and suitable Key Risk Indicators (KRIs) to effectively monitor technology & cyber risks
• Provide complementary risk expertise, support, monitoring, and challenge related to the management of risk
• Provide advisory on technology risk assessment, risk mitigation controls and risk treatments
• Responsible for the establishment, review and update of enterprise-wide technology risk register and risk heatmap
• Consolidate technology risks and generate risk reports for management and board reporting

Requirements:

• Bachelor's Degree in Information Technology (IT), Computer Science or other related discipline with relevant experience in managing cyber risk in financial market infrastructures, critical national infrastructure, military, security intelligence or equivalent
• 6 years of full-time work experience in information security management and/or related functions (such as IT audit and IT Risk Management)
• Professional certification such as CISM, CISA, CRISC, CISSP, or equivalent is highly desirable
• Good understanding of regulatory frameworks and compliance requirements associated with financial services and thorough understanding of end-to-end IT and how IT interfaces with business, risk management and compliance processes and IT Security
• Possess excellent interpersonal skills and able to communicate and manage relationship at all levels including senior management, business users, participants, vendors and team members
• Ability to communicate technology and security risks in business terms to all levels of the organization
• Knowledge of security metrics and technology related key risk indicators