Job Description
Overall Requirements:
- At least 3 years of experience in the financial services industry, preferably banking or professional services
- Professional qualification in IT, technology or data management related areas
- Relevant experience in Second Line of Defence or First Line in-business risk and control function in IT and op risk areas
- Good knowledge in IT and operational risk management and understanding of relevant regulatory requirements
- Practical and hands-on industry experience in overall IT and op risk management controls and practices
- Independent, capable of managing evolving risks, and able to influence stakeholders and promote better practices
- Designated IT operational risk, IT security, Cybersecurity, data risk management Second Line of Defence function for the Bank
- Plan, design, and implement an overall IT security risk/operational risk management framework and update relevant risk policy documentation according to regulatory requirements (including CPS 234 Information Security, CPG 234 Information Security, CPG 235 Managing Data Risk and other relevant prudential documentation)
- Assist in establishing and maintaining risk appetite and metrics for IT/operational risk and perform monitoring of key risk indicators (KRIs) and other IT-related metrics on a regular basis
- Independently supervise and challenge the first line IT risk management, liaise with IT and relevant departments in performing day-to-day IT risk management and controls
- Actively participate in the business continuity plan (BCP) and disaster recovery (DR) testing on a regular basis
- Coordinate and provide support and reporting to Risk Committee, particularly in IT op risk-related areas
- Understand Head Office and regulatory requirements for IT security risk matters and provide support, education and training to staff to build risk awareness within the Bank
- Prepare responses to and investigations of IT-related matters (e.g. outages, downtime) in a timely manner
- Coordinate various stakeholders in compiling relevant data and information (e.g. indirectly from Head Office via IT), perform checking and validation, and ensure quality and on-time submission
- Perform other IT/op risk functions including system update/maintenance etc.
- Ad hoc projects and tasks
- Assist in ad hoc projects and tasks such as Head Office requests, preparation of prudential/audit review
- Relief/backup support to other team members
reece.richardson@perigongroup.com.au