IT Risk & Compliance
Apply on
Position: IT Risk & Compliance Lead/Associate
Location: TRX
Type: Permanent
Mode: Onsite
ACCOUNTABILITIES AND RESPONSIBILITIES
1. Collect information and review documentation to ensure that risk scenarios are identified and evaluated.
2. Identify legal, regulatory and contractual requirements and organizational policies and standards related to information systems to determine their potential impact on the business objectives.
3. Perform monthly/quarterly submissions and annual review on Bank/BNM Key Risk Indicators (KRI), Risk Control Self Assessments (RCSA), Compliance Self Assessment Review (CSAR), Compliance Matrix (CMAX), Cyber Resilience Maturity Assessment (CRMA) and Management of Customer Information and Permitted Disclosures (MCIPD).
4. Coordinate submissions on Technology Risk Dashboard on monthly basis to Technology Risk Management team and send all Risk & Compliance communications to Technology Staff on adhoc basis.
5. Collect and validate data that measure key risk indicators (KRIs) to monitor and communicate their status to relevant stakeholders in their decision-making process.
6. Facilitate independent risk assessments and risk management process reviews to ensure they are performed efficiently and effectively.
7. Review all the Department's documentations related to Risk and Compliance prior to submission to BRCM (for e.g. Master Service Agreement/ renewal Agreement/ Letter to BNM/ Guidelines and Procedures/ Due Diligence Checklist/ Cloud Risk Assessment/ Material Risk Assessments etc) and provide advisories to IT Project Managers.
8. Timely reporting/escalation of any compliance issue/breaches to respective BRCM and submission of Lost Event Report via GCM System for IT related Priority 1 & 2 incidents.
9. Close monitoring of submission of Compliance documents reviews, surveys for BNM and PayNet queries/updates and BNM Reviews to ensure that they are done within agreed timeline.
10. Any special assignment to undertake special/ad-hoc assignments as and when directed by Head, Governance Risk & Compliance (GRC).
REQUIRED QUALIFICATIONS & PROFESSIONAL SKILLS
Qualifications:
• Bachelor's degree in Business, IT, Risk Management, or a related field or relevant certifications (e.g., CISA, CISSP, CRISC) is a plus.
• More than 5 years of relevant experience in risk and compliance
• Proven experience in governance, risk management, or compliance roles, preferably in financial institutions
• Strong knowledge of regulatory frameworks, industry standards, and best practices related to GRC.
• Exceptional analytical skills and the ability to assess complex risks and provide practical solutions.
• Excellent communication and interpersonal skills to work effectively with cross-functional teams and external stakeholders.
• Detail-oriented with a commitment to maintaining the highest standards of integrity and ethics, strong organizational skills and the ability to prioritize and manage multiple tasks efficiently