Assistant Manager, Technology Risk

Req ID: 7729
Job Description:

Roles & Responsibilities
Technology Risk, Regulatory and Compliance Advisor is responsible for ensuring compliance with regulatory requirements, particularly Bank Negara Malaysia's Risk Management in Technology (BNM RMiT) policy document, Securities Commission Malaysia’s Guidelines on Technology Risk Management, Labuan Financial Services Authority’s Guidelines on Technology Risk Management and internal technology risk frameworks. The role involves assessing, monitoring, and enhancing technology risk compliance and regulatory adherence across the BIMB Group.

Duties and Responsibilities:

  1. Regulatory Compliance Management
    • Assist in monitoring regulatory requirements related to technology, data protection, and cybersecurity issued by Bank Negara Malaysia (BNM), Securities Commission Malaysia (SC), Labuan Financial Services Authority (LFSA), and other relevant authorities.
    • Assist in maintaining and updating the Technology Regulatory Compliance Register, ensuring accurate mapping of regulatory obligations to internal controls, responsible owners, and supporting evidence within the GISGD centralised system.
    • Assist in tracking and monitoring the closure of compliance findings, audit issues, and regulatory observations related to technology, data, and cybersecurity.
    • Assist in planning, coordinating, and reporting technology compliance reviews and assessments, ensuring results, progress updates, and key observations are escalated through the relevant governance committees.
  2. Regulatory, Internal and External Engagement Liaison & Coordination
    • Assist in coordinating regulatory, internal, and external engagements, including BNM inspections, internal/external audits, thematic reviews, surveys, and industry-wide assessments.
    • Assist in serving as a liaison and coordination point between regulators, auditors, consultants, and internal stakeholders, ensuring accurate and timely submission of required documentation and management responses.
    • Assist in preparing regulatory reports and submissions, including RMiT compliance updates, GISGD monthly compliance reports, and other ad-hoc regulatory deliverables.
    • Assist in maintaining a centralised repository for regulatory correspondence, inspection outcomes, and evidential records to support audit readiness and documentation traceability.
    • Assist in tracking and reporting the status of regulatory commitments and action plans, ensuring timely escalation of delays or potential non-compliance to management.
    • Assist in preparing briefing materials, dashboards, and compliance updates for management reporting and governance committee presentations.
    • Assist in coordinating compliance assessments and gap analyses initiated by regulators or internal/external parties, including reviewing documentation to ensure accuracy and completeness before submission.
    • Assist in undertaking the role of the division’s Designated Compliance Relationship Officer (DCORO), ensuring all responsibilities and accountabilities associated with the role are duly discharged.
  3. Technology Compliance Oversight
    • Assist in performing periodic regulatory compliance assessments on technology, cybersecurity, and data governance domains, ensuring effective implementation of control measures.
    • Assist in reviewing Exception Impact Analysis (EIA) submissions to evaluate risk implications, ensuring that exceptions are properly justified, time-bound, and endorsed through appropriate governance channels.
    • Assist in reviewing System Impact Analysis (SIA) assessments to validate system criticality classification, recovery tiering, and alignment with business continuity and recovery objectives.
    • Assist in reviewing and enhancing technology and cybersecurity policies, standards, and procedures to ensure consistency with regulatory expectations and industry best practices.
    • Assist in undertaking an assurance review of a technology third-party service provider to assess compliance with regulatory requirements and the adequacy of risk controls.
    • Assist in performing IT Disaster Recovery (IT DR) assurance activities, including the review of DR test planning, execution, and post-test validation, to ensure alignment with RMiT requirements on system availability, Recovery Time Objectives (RTO), and Recovery Point Objectives (RPO).
    • Assist in conducting periodic User Access Matrix (UAM) reviews for regulatory systems (e.g., Fibox, KijangNet, ORION) and other critical systems supporting regulatory reporting and compliance functions.
  4. Continuous Improvement
    • Assist in enhancing and maintaining governance frameworks such as the Group Technology Exception Guideline and Group System Criticality Classification Policy, ensuring integration of regulatory requirements and internal control expectations.
    • Assist in identifying opportunities to strengthen technology risk and compliance maturity, including process automation, compliance monitoring tools, and improved evidence management practices.
    • Assist in supporting initiatives that enhance technology resilience, regulatory compliance, and governance effectiveness across the Group.
    • Assist in capturing lessons learned from audits, regulatory reviews, and DR assurance exercises to support continuous improvement and drive sustainable compliance practices.