Create your future with Affin! You too can make a difference.
Join us at AFFIN, where open minds meet and are inspired by a shared commitment to great work. Here, you don't just stay at the forefront of the industry - you can make a difference too.
Job Purpose
Establish and maintain governance and oversight on the effectiveness of technology risk management for Affin Group. This function is responsible for maintaining a strong technology risk management culture, formulating and reviewing the technology risk appetite, tolerances, and thresholds that align with the banking group's risk appetite, and establishing a program to identify, assess, measure, monitor, control, and report on significant technology risks.
Responsibilities
- Prepare and execute third-party cyber risk assessments, cloud risk assessments, project risk assessments, and due diligence activities.
- Maintain and update the third-party risk inventory and project risk inventory, ensuring accurate documentation.
- Review and assess vendor security documentation, including SOC reports, ISO certifications, penetration test reports, and security questionnaires.
- Monitor ongoing vendor risk through periodic reviews, assessments, and threat intelligence.
- Track and report risk remediation plans for third-party gaps and exceptions.
- Identify, prepare, and review technology and cyber risk metrics related to third-party and project risks.
- Perform risk analytics on data from internal and external sources to identify emerging third-party risks before they surface.
- Support the development and maintenance of third-party risk management (TPRM) and project risk frameworks, policies, and procedures.
- Assist in designing and delivering training and awareness programs related to third-party cyber, project, and technology risks.
- Stay current with emerging risks, threats, and regulatory changes impacting third-party cyber risk and project risk.
- Provide advisory, guidance, and recommendations on technology risks, especially in information security and controls, ensuring compliance with internal policies and regulatory guidelines.
- Conduct independent assessments to identify, evaluate, and strategize on reducing, mitigating, or transferring IT and cyber risks associated with projects.
- Support senior management, including the CISO and GCRO, in overseeing effective implementation of technology risk management at the entity level.
Job Requirements
- Degree in IT, IS, Computing, or related fields.
- Minimum of 5 years' experience in IT risk management, cyber risk management, project risk management, or third-party risk management.
- Professional certifications such as PMP, PMI-ACP, CEH, CRISC, and CISSP are advantageous.
- Good knowledge and experience in information security and IT risk management, with technical security assessment skills.
- Familiarity with Bank Negara Malaysia's regulatory requirements related to Technology Risk.
- Strong analytical, influencing, and problem-solving skills. Able to work independently with minimal supervision.
- Ability to collaborate across different levels of seniority and cultures.