Cloud Risk Advisor

Req ID:  7109
Job Description: 

Summary
The Cloud Risk Advisor is responsible for conducting cloud security risk assessments of the Bank's and/or Service Provider's cloud environment. This includes the identification and evaluation of security risks associated with cloud computing, such as data breaches, unauthorized access, data leakage, denial-of-service attacks, etc. In addition, the Cloud Risk Advisor will collaborate with other members of the business or service provider to review and challenge security controls and ensure that adequate controls are in place to safeguard the Bank's cloud environment.

 

Duties and Responsibilities:
• Formulate, maintain, and implement a comprehensive framework, policies, and guidelines to establish robust cloud risk and compliance governance.
• Regularly conduct comprehensive assessments of cloud adoption practices to ensure conformance with applicable regulatory requirements, thereby preserving the integrity of policies and procedures.
• Initiate a Cloud risk awareness program and train stakeholders to ensure they understand the risk and contribute to the Cloud risk management process, as well as to promote an IT and Cloud risk-aware culture.
• Assist in the development of Cloud technology and compliance control programs.
• Monitor developments in regulatory requirements and industry practices on Cloud risk and inform the appropriate stakeholders of the improvement plans identified.
• Develop and track key risk indicators (KRIs) in accordance with the enterprise-wide risk management framework.
• Facilitate and review the Cloud-related Risk Control Self-Assessment (RCSA).
• Ensure governance and oversight of various entities and technology workstreams to comply with internal, industry and regulatory requirements.
• Work closely with the business and support users to understand regulatory requirements and to provide support and guidance for technology risk related matters.
• Conduct gap analysis of new regulations against the Bank's established policies, processes and guidelines to ensure compliance.
• Provide effective challenge to the adequacy and effectiveness of various technology and security controls.
• Develop Cloud technology risk reports and dashboards for various audiences and committees (including board and senior management).
• Maintain accurate documentation of cloud risk assessments and mitigation actions, while preparing periodic reports on cloud risks, mitigation progress, and overall security posture for management and compliance purposes.
• Monitor cloud platforms to ensure compliance with industry standards and regulatory requirements, while assisting in verifying that cloud service providers meet the organization's security and compliance policies.

 

Qualification
• Bachelor's degree in IT, Computing, Information Systems or any related domain.
Years of Experience
• 3 or more years of experience in any of these disciplines: Cloud security, Information security, risk management, audit and compliance in technology areas.
Specific Skills/Knowledge and Certification Required
1. Familiar with security / technology regulations, standards and best practices such as those issued by BNM, PCI-DSS, Paynet, Securities Commission, etc.
2. Working experience in Technology Risk Management / IT Governance / IT Compliance / IT Audit would be an added advantage.
3. Sound knowledge / understanding in the following areas:
• Proficient understanding of financial institutions and underlying business processes
• Strong understanding of cloud computing concepts and technologies
• Experience with security risk assessment methodologies and tools
• Experience with Cloud security frameworks
• Experience with Cloud security tools
• Experience with Cloud security compliance requirements
• Experience with independent review of Cloud security risk management
• Self-starter and able to work independently or with minimal supervision