Assistant Manager

Salary undisclosed


As a member of the Group Information Security and Governance (GISGD), CISO office, this role involves overseeing the implementation and execution of the Group’s Technology Risk Management (TRM) policies, guidelines, methodologies, and initiatives. The position is responsible for maintaining the IT Risk Framework, ensuring its associated controls are effectively managed and reported. Additionally, the role involves planning, managing, and implementing IT Risk Governance processes, including the development and identification of comprehensive governance activities to mitigate and manage IT-related risks across the Group.

Responsibilities

  • Identify, assess, and evaluate risks to support the execution of the IT risk management strategy.
  • Develop, maintain, implement, and enforce frameworks, policies, and guidelines to establish strong governance of IT risk and compliance.
  • Ensure that all policies and procedures are aligned with and compliant with regulatory requirements.
  • Promote a culture of IT risk awareness by ensuring stakeholders understand risks and actively contribute to the IT risk management process.
  • Continuously monitor IT risks and provide actionable insights to stakeholders to ensure the IT risk management plan remains effective.
  • Identify potential threats and vulnerabilities within business processes, associated data, and supporting capabilities to aid in evaluating IT risk.
  • Facilitate and review the Technology Risk Control Self-Assessment (RCSA) to ensure effective risk identification and mitigation.
  • Provide governance and oversight of various entities and technology workstreams to ensure compliance with internal, industry, and regulatory requirements.
  • Conduct comprehensive risk assessments for new technologies, processes, products, services, and projects to evaluate associated risks.
  • Coordinate and perform periodic technology and cybersecurity risk assessments, including due diligence for third parties or outsourcing providers.
  • Manage and conduct ad-hoc or annual information security reviews to evaluate and enhance current security practices.
  • Collaborate with business units and support teams to interpret regulatory requirements and provide guidance on technology risk-related matters.
  • Challenge the adequacy and effectiveness of technology and security controls to ensure alignment with best practices and risk mitigation goals.
  • Provide consulting on technology risk and security, conducting assessments for new business initiatives or the adoption of new technologies.
  • Work closely with the second and third lines of defense, and other risk management functions, to foster continuous improvement and governance of the risk environment.
  • Develop and deliver technology and security risk reports and dashboards tailored to various audiences, including senior management and board committees.

Qualifications

  • Bachelor's degree in IT, Computing, Information Systems, or a related domain.
  • A minimum of 3 years of experience in one or more of the following areas: Information Security, Risk Management, Audit, or Compliance within technology-related domains.

Specific Skills/Knowledge

  • Experience in the financial or banking industry is preferred.
  • Solid understanding of technology risk regulatory requirements (e.g., BNM Risk Management in Technology, Guidelines on Data Management and MIS Framework, etc.) and industry standards such as ITIL, SANS, NIST, ISO 27001/2.
  • Strong oral and written communication skills with the ability to engage effectively with senior stakeholders.
  • Familiarity with risk assessment activities, including IT projects, Cloud, and new IT products or services.

About Bank Islam Malaysia Berhad
Size: More than 250
Industry: Regional Banks
Location: Malaysia
Founded: 1 July 1983