Deputy Manager - Group Information Security & Governance Division

About the job

This role will support the Risk Operation Lead in conducting independent review on Technology-related operational risk and regular reporting,

• Conduct comprehensive review of the risk event report, challenge the adequacy of RCA performed by BU/SU and effectiveness of action plans to mitigate future occurrence.
• Validate that all potential risks are identified and assessed holistically
• Engage with various stakeholders involved which includes IT, Ops Risk Team, risk owners, system owners and process owners as well as communicating outcomes of the RLE report to senior management and key stakeholders.
• Monitor and keep track of the implementation of action plans to ensure timely execution and escalate delay or ineffective risk mitigation action to senior management.
• Conduct comprehensive trend analysis of reported technology-related risk events to identify patterns, emerging risks and systemic control weaknesses.
• Provide insights and recommendation based on analysis findings.
• Participate in enterprise-wide scenario analysis exercise, independently review and challenge technology-related scenarios prepared by the first line of defence.
• Review and challenge the adequacy of current control in addressing the risk identified from the scenario, identify control / process gaps and review action plans to address the identified weaknesses.
• Ensure mitigation strategies enhance resilience against various risk scenarios.
• Assist in developing, implementing, and managing enterprise-wide awareness programs on Technology Risk.
• Develop and distribute infographics covering key topics on Technology Risk and emerging risks.
• Assist in planning, coordinating and execution of division’s awareness event.
• Facilitate training sessions for employees to enhance awareness, reinforce compliance, and promote a risk-conscious culture.
• Periodically update and revamp awareness materials relevant to technology and emerging risk to ensure relevance and effectiveness.
• Support in the facilitation of periodic Technology Risk Control Self-Assessment (RCSA)
• Support preparation, development and enhancement of periodic technology risk report & dashboard for various audiences and committees (including Board and Senior Management)
• Challenge the adequacy and effectiveness of technology and security controls to ensure alignment with best practices and risk mitigation goals.

About the job

This role will support the Risk Operation Lead in conducting independent review on Technology-related operational risk and regular reporting,

• Conduct comprehensive review of the risk event report, challenge the adequacy of RCA performed by BU/SU and effectiveness of action plans to mitigate future occurrence.
• Validate that all potential risks are identified and assessed holistically
• Engage with various stakeholders involved which includes IT, Ops Risk Team, risk owners, system owners and process owners as well as communicating outcomes of the RLE report to senior management and key stakeholders.
• Monitor and keep track of the implementation of action plans to ensure timely execution and escalate delay or ineffective risk mitigation action to senior management.
• Conduct comprehensive trend analysis of reported technology-related risk events to identify patterns, emerging risks and systemic control weaknesses.
• Provide insights and recommendation based on analysis findings.
• Participate in enterprise-wide scenario analysis exercise, independently review and challenge technology-related scenarios prepared by the first line of defence.
• Review and challenge the adequacy of current control in addressing the risk identified from the scenario, identify control / process gaps and review action plans to address the identified weaknesses.
• Ensure mitigation strategies enhance resilience against various risk scenarios.
• Assist in developing, implementing, and managing enterprise-wide awareness programs on Technology Risk.
• Develop and distribute infographics covering key topics on Technology Risk and emerging risks.
• Assist in planning, coordinating and execution of division’s awareness event.
• Facilitate training sessions for employees to enhance awareness, reinforce compliance, and promote a risk-conscious culture.
• Periodically update and revamp awareness materials relevant to technology and emerging risk to ensure relevance and effectiveness.
• Support in the facilitation of periodic Technology Risk Control Self-Assessment (RCSA)
• Support preparation, development and enhancement of periodic technology risk report & dashboard for various audiences and committees (including Board and Senior Management)
• Challenge the adequacy and effectiveness of technology and security controls to ensure alignment with best practices and risk mitigation goals.