Deputy Manager | Risk Management Advisory (Technology Risk)

JOB DESCRIPTION

Responsible for identifying, assessing, managing, and mitigating technology-related risks across the organization. This is to ensure the integrity, confidentiality, and availability of information systems and data. Technology Risk collaborates with IT, cybersecurity, compliance, and business units to implement risk management frameworks, conduct risk assessments, monitor controls, and ensure regulatory compliance.

JOB RESPONSIBILITIES

Technology Risk Management

• Assist in driving the establishment and implementation of Technology Risk Management Framework (TRMF) activities/initiatives.
• Elevate the technology risk management program by adopting updated regional regulatory requirements and international standards continuously, such as RMiT by BNM, HKMA, MAS, and NIST.
• Assist in the design and implementation of information systems controls to align with EPF risk appetite and tolerance levels to support business objectives.
• Facilitate user awareness of the tools and processes to help stakeholders understand risk, improve the risk management processes, and promote a risk-aware culture.
• Act as a technical member of the Technical Evaluation Committee (TEC), Project Steering Committee (PSC), and Data Steward Working Group (DSWG), in performing risk assessments and recommending adequate controls.
• Evaluate third-party/vendor risks and ensure appropriate risk treatment.
• Assist in performing the Third-Party Due Diligence (TPDD).

Secretariat of Digital Risk Working Committee (DRWC)

• As secretariat to DRWC and MRC in technology risk governance, provide recommendations to DRWC, MRC, and BRMSC to improve technology risk management in the EPF.
• Establish and maintain a governance structure to deliberate cybersecurity and technology risks.
• Establish strategies and plans for governance & enforcement of Technology Risk Management Framework.
• Continuously review and improve processes based on industry best practices.
• Perform a technology risk assessment with the paper owner before presenting to DRWC, MRC.
• Provide regular updates on Operational Risk Events (ORE) to the Management Risk Committee (MRC), which covers physical assets, workplace safety, business disruption and cyber intrusion.

Support Digital & Cyber Business Continuity Management

• In conjunction with the business continuity management team, facilitate Business Continuity planning with regard to Digital / Cyber Security.
• Improve Cyber Insurance coverage to mitigate the risk of data and financial loss arising from Digital / Cyber Security incidents.

Key Collaborative Interfaces

• Perform risk convergence, IT risk, and control framework design, and work on integrated risk management projects.
• Keep abreast of the latest technology risk knowledge and share the industrial best practice with enterprise-wide project committees for risk mitigation.
• Demonstrate in-depth technical capabilities and professional knowledge.

JOB REQUIREMENTS

• Bachelor’s degree (Honours) in Computer Science, Information Systems / Technology, or any related background which is recognized by the Malaysian Government from any local or abroad higher learning institution.
• At least 7 years of relevant working experience as an IT Risk, Technology Compliance Officer, Information Risk Specialist, or IT Security professional for a professional services firm, or a financial services firm.
• Strong interpersonal, writing skills, and familiarity with Microsoft Office products including Word, Excel, Access, PowerPoint, and VISIO are preferred.
• Preferably experienced officer specializing in Corporate Banking / Financial Services or equivalent.
• Experience with CRISC, ISO 27002, ITIL, and NIST Certification will be an advantage.
• Reporting writing skills are required. Must be able to summarize and communicate technical data to a non-technical audience.
• Malaysian citizen.
• Obtain a pass in Bahasa Melayu, including an oral test in Sijil Pelajaran Malaysia (SPM) level or equivalent qualification recognised by the Government.

JOB STATUS

Permanent

PLACEMENT

Technology Risk Unit, Risk Management Advisory I Section, Risk Management Department

All applications are strictly CONFIDENTIAL and only shortlisted candidates will be called in for an interview. Applications are deemed UNSUCCESSFUL if there is no feedback from the EPF 2 MONTHS after the closing date of the advertisement.