Risk Governance & Reporting Advisor

Req ID:  7108
Job Description: 

Summary
As a member of the CISO office, the candidate will assist in overseeing the implementation of the Group’s Technology Risk Management (TRM) related framework, policies, guidelines, manuals, methodologies, or initiatives across the Bank and its subsidiaries. This includes responsibility for maintenance of the Group Technology Risk Framework and its associated governance and reporting activities. The candidate will also be responsible for providing support in governance and reporting on technology risk management activities, which include ongoing and ad-hoc initiatives to promote robust technology risk management.

Duties and Responsibilities:
• Support the development, maintenance, implementation, and enforcement of framework, policies, guidelines and manuals to foster strong governance and compliance in technology risk management.
• Monitor alignment of framework, policies, and guidelines for technology risk management to relevant regulatory requirements and industry best practices.
• Monitor development of regulatory requirements and industry best practices on technology risk and provide information to appropriate stakeholders on the improvements required.
• Develop and monitor key risk indicators (KRIs) in accordance with the Enterprise-wide Risk Management Framework.
• Provide independent and constructive challenge to BU/SU for assessments performed as part of ongoing KRI monitoring and reporting activities.
• Support the facilitation of periodic Technology Risk Control Self-Assessments (RCSA).
• Monitor level of governance and ensure oversight of various entities and technology workstreams pertaining to compliance with internal, industry and regulatory requirements.
• Conduct gap analysis of new regulations and the Group's established policies, processes, and guidelines to ensure compliance.
• Support development, preparation, and enhancement of periodic technology risk reports and dashboards for various audiences and committees (including Board and Senior Management).
• Collaborate and work closely with the business and support users by providing support and guidance for technology risk related matters.
• Assist in technology risk awareness initiatives and train stakeholders to ensure they understand the risk and contribute to the technology risk management process, as well as to promote an IT risk-aware culture.

Qualification
• Bachelor's degree in IT, Computing, Information Systems, or any related domains.
Years of Experience
• 2 or more years of experience in any of these disciplines: Information security, risk management, audit, and compliance in technology areas.
• Preferably someone from one of the top 4 consulting firms.
Specific Skills/Knowledge and Certification Required
1. Familiar with security / technology regulations, standards, and best practices such as those issued by BNM, PCI-DSS, Paynet, Securities Commission, etc.
2. Working experience in Technology Risk Management / IT Governance / IT Compliance / IT Audit would be an added advantage.
3. Working experience and/or certification related to Power BI, Tableau, or use of other data visualisation / analytical tools would be an added advantage.
4. Proficiency in English, with strong communication and writing abilities.
5. Sound knowledge / understanding in the following areas:
• Proficient understanding of financial institutions and underlying business processes
• Technology and cybersecurity policies and standards
• Risk assessment tools, technologies, and methods
• Enterprise and operational risk frameworks
• Regulatory compliance
• Technology resiliency
6. Self-starter and able to work independently or with minimal supervision.