Assistant Vice President, Technology Risk (GETB)

The role of Technology Risk Management is to manage IT risks identification, mitigation and monitoring, develop/review technology related frameworks, policies and guidelines, conduct related training and awareness programs as well as provide advice and promote compliance with regulations and Company policies.

Technology Risk Management

• Facilitate technology risk management to ensure effective risk identification, mitigation and monitoring.
• Manage technology related risk and threats and recommend relevant monitoring tools in consultation with Group.
• Keep apprised of emerging technology risks and threats by leveraging Group resources/support.

• Develop/review technology frameworks, policies, and guidelines for the effective implementation of TRM framework in accordance with regulatory expectations as well as advice sought from Group.
• Keep abreast of with the latest changes in the regulatory and group requirements.

• Determine effectiveness and completeness of technology risk identification, mitigation and monitoring.
• Assess the implementation and compliance to regulatory guidelines, frameworks and policies. This will include reviews of Service Providers or business partners.
• Prepare relevant reports and table the same at relevant management or board committee meetings.

• Prepare/review dashboard reporting on the material technology, information and cyber risk matters, including key risk indicators to the Board and Senior Management.
• Perform oversight over the IT incident management and reporting.
• Promote security awareness via education and awareness on technology risks, cyber security and data protection for directors, staff, agents and service providers.

• Perform reviews of IT projects and provide advice in accordance with technology risk related policies and regulatory requirement to ensure that risks are effectively identified and managed.
• Provide support/coordinate/assist Group for the implementation of technology risk and cybersecurity initiatives/strategy.
• Involvement in TRM-related projects/programs and initiatives initiated by IT, BU, Group or regulator.

• Review and appraise Department Risk Officers: Determine effectiveness of implementation and compliance to laws and regulations and policies.
• Ensure that frameworks, policies and guidelines are reviewed timely.
• Provide guidance and training to DROs, vendors and agents on technology risk.
• As part of the leadership team, work with key stakeholders to proactively shape the organisation’s culture and conduct environment that is aligned to the organization’s Core Values.
• Champion culture and conduct behavioural expectations within the Department/Division.
• Takes accountability in considering business and regulatory compliance risks and takes appropriate steps to mitigate the risks.
• Maintains awareness of industry trends on regulatory compliance, emerging threats and technologies in order to understand the risk and better safeguard the company.
• Highlights any potential concerns /risks and proactively shares best risk management practices.

• Minimum 8 years’ experience in IT related environment including technology risk, security and control related functions.
• Degree in Information Technology or equivalent
• Good analytical and investigative skills.
• Good knowledge of System and security management.
• Knowledge of project management.
• Experience in IT related best practices and methodologies
• Demonstrates alignment with the organisation’s core values through expected behaviours
• Relevant certifications such as Certified Information Systems Security Professional (CISSP), CISM, CISA, CRISC
• Local regulatory requirements for technology risk and information security
• Concepts in security and vulnerability management
• Information Security and Technology Risk concepts of CIA
• Concepts in risk assessment and management