Job Purpose
The role of Technology Risk Management is to manage IT risks identification, mitigation and monitoring, develop/review technology related frameworks, policies and guidelines, conduct related training and awareness programs as well as provide advice and promote compliance with regulations and Company policies.
The Job
Technology Risk Management
- Facilitate technology risk management to ensure effective risk identification, mitigation and monitoring.
- Manage technology related risk and threats and recommend relevant monitoring tools in consultation with Group.
- Keep apprised of emerging technology risks and threats by leveraging Group resources/support.
Governance
- Develop/review technology frameworks, policies, and guidelines for the effective implementation of TRM framework in accordance with regulatory expectations as well as advice sought from Group.
- Keep abreast of with the latest changes in the regulatory and group requirements.
Review and Monitoring
- Determine effectiveness and completeness of technology risk identification, mitigation and monitoring.
- Assess the implementation and compliance to regulatory guidelines, frameworks and policies. This will include reviews of Service Providers or business partners.
- Prepare relevant reports and table the same at relevant management or board committee meetings.
Reporting
- Prepare/review dashboard reporting on the material technology, information and cyber risk matters, including key risk indicators to the Board and Senior Management.
- Perform oversight over the IT incident management and reporting.
Risk Awareness
- Promote security awareness via education and awareness on technology risks, cyber security and data protection for directors, staff, agents and service providers.
Participate and Provide Advisory for Critical/Significant Projects
- Perform reviews of IT projects and provide advice in accordance with technology risk related policies and regulatory requirement to ensure that risks are effectively identified and managed.
- Provide support/coordinate/assist Group for the implementation of technology risk and cybersecurity initiatives/strategy.
- Involvement in TRM-related projects/programs and initiatives initiated by IT, BU, Group or regulator.
Others
- Review and appraise Department Risk Officers: Determine effectiveness of implementation and compliance to laws and regulations and policies.
- Ensure that frameworks, policies and guidelines are reviewed timely.
- Provide guidance and training to DROs, vendors and agents on technology risk.
- Promote risk awareness.
- As part of the leadership team, work with key stakeholders to proactively shape the organisation's culture and conduct environment that is aligned to the organization's Core Values.
- Champion culture and conduct behavioural expectations within the Department/Division.
- Takes accountability in considering business and regulatory compliance risks and takes appropriate steps to mitigate the risks.
- Maintains awareness of industry trends on regulatory compliance, emerging threats and technologies in order to understand the risk and better safeguard the company.
- Highlights any potential concerns /risks and proactively shares best risk management practices.
Our Requirements
- Minimum 8 years experience in IT related environment including technology risk, security and control related functions.
- Degree in Information Technology or equivalent
- Good analytical and investigative skills.
- Good knowledge of System and security management.
- Knowledge of project management.
- Experience in IT related best practices and methodologies
- Demonstrates alignment with the organisation's core values through expected behaviours
- Relevant certifications such as Certified Information Systems Security Professional (CISSP), CISM, CISA, CRISC
- Local regulatory requirements for technology risk and information security
- Concepts in security and vulnerability management
- Information Security and Technology Risk concepts of CIA
- Concepts in risk assessment and management
