Executive | Risk Management Advisory (Technology Risk)

JOB SUMMARY

Responsible for identifying, assessing, managing, and mitigating technology-related risks across the organization. This role is to ensure the integrity, confidentiality, and availability of information systems and data. Technology Risk collaborates with IT, cybersecurity, compliance, and business units to implement risk management frameworks, conduct risk assessments, monitor controls, and ensure regulatory compliance.

JOB RESPONSIBILITIES

Technology Risk Management

• Assist the Technology Risk Unit in driving the establishment and implementation of Technology Risk Management Framework (TRMF) activities/initiatives.
• Elevate the technology risk management program by adopting updated regional regulatory requirements and international standards continuously, such as RMiT by BNM, HKMA, MAS, and NIST.
• Assist in the design and implementation of information systems controls to align with EPF risk appetite and tolerance levels to support business objectives.
• Facilitate user awareness of the tools and processes to help stakeholders understand risk, improve the risk management process, and promote a risk-aware culture.
• Act as a technical member of the Technical Evaluation Committee (TEC), Project Steering Committee (PSC), and Data Steward Working Group (DSWG), in performing risk assessment and recommending adequate controls.
• Evaluate third-party/vendor risks and ensure appropriate risk treatment.
• Assist in performing the Third-Party Due Diligence (TPDD).

Secretariat of Digital Risk Working Committee (DRWC)

• Act as the secretariat to DRWC and Management Risk Committee (MRC) in technology risk governance, provide recommendations to DRWC, MRC, and BRMSC to improve technology risk management in the EPF.
• Establish and maintain a governance structure to deliberate cybersecurity and technology risks.
• Establish strategies and plans for governance & enforcement of Technology Risk Management Framework.
• Continuously review and improve processes based on industry best practices.
• Perform a technology risk assessment with the paper owner before presenting to DRWC, MRC.
• Provide regular updates on Operational Risk Events (ORE) to the Management Risk Committee (MRC), which covers physical assets, workplace safety, business disruption and cyber intrusion.

Support Digital & Cyber Business Continuity Management

• In conjunction with the business continuity management, facilitate Business Continuity planning with regards to Digital / Cyber Security via the Business Impact Analysis (BIA).
• Improve Cyber Insurance coverage to mitigate the risk of data and financial loss arising from Digital / Cyber Security incidents.

JOB REQUIREMENTS

• Bachelor’s degree (Honours) in Computer Science, Information Systems / Technology, or any related background which is recognized by the Malaysian Government from any local or abroad higher learning institution.
• At least 4 years of relevant working experience as an IT Risk, Technology Compliance Officer, Information Risk Specialist, or IT Security professional for a professional services firm or a financial services firm.
• Strong interpersonal, writing skills, and familiarity with Microsoft Office products including Word, Excel, Access, PowerPoint, and VISIO are preferred.
• Preferably experienced officer specializing in Corporate Banking / Financial Services or equivalent.
• Experience with CRISC, ISO 27002, ITIL, and NIST Certification will be an advantage.
• Reporting writing skills are required. Must be able to summarize and communicate technical data to a non-technical audience.
• Malaysian citizen.
• Obtain a pass in Bahasa Melayu, including an oral test in Sijil Pelajaran Malaysia (SPM) level or equivalent qualification recognised by the Government.

JOB STATUS

Permanent.

PLACEMENT

Technology Risk Unit, Risk Management Advisory I Section, Risk Management Department.

All applications are strictly CONFIDENTIAL and only shortlisted candidates will be called in for an interview. Applications are deemed UNSUCCESSFUL if there is no feedback from the EPF 2 MONTHS after the closing date of the advertisement.