Cyber Security Manager

The managerial role, will be responsible for IT Risk & Control Self-Assessment, identify key technology risks and execute the mitigation plan, delivering the implementation of innovative data strategies and contributing to the team’s commitment to excellence. Require an experienced professional with proven experience in delivery of best-in-class results in the realm of risk analytics especially around Technology Risk Management.

Support the implementation of the TRMP and CRP through the following:

Perform Technology and Cyber Risk Reviews Assessment (including risk impact, system criticality, cloud etc) on Technology projects and provide support to stakeholders on related risks and mitigation. This can include new digital initiatives, adoption of new and emerging technologies

Perform Independent review of IT Risk & Control Self-Assessment (RCSA), identify key technology risks and track the mitigation progress of business units. This will include testing of controls identified in RCSAs by Business Units

Oversight over the investigation to identify the root cause of technology/cyber incidents/issues and report to Head, Information Security.

Ensure complete, accurate and timely dashboard reporting of internal and BNM ORR Technology Key Risk Indicators and loss event via BNM ORR and CISS. This includes oversight of ITOC reports

Accurate and timely risk reporting to management and board level committee on IT and Cyber risk related matters

Annual review of risk management policies and procedures to ensure compliance to laws, regulations and group policies

Experience in Cloud security architecture/ implementation, VAPT, SAST, and DAST is preferred.

Assist in the implementation BCM initiatives which include coordination of risk assessments, business impact analysis (BIA), BCP/DRP tests, training, reporting, and maintenance of BCM policies and manual.

Review and challenge responses on technology related matters for outsourcing activities application, including due diligence, new outsourcing arrangements and renewal.

Degree in IT or Computer Science or related discipline.

At least 5 years of relevant working experience in IT audit, risk management, compliance and/or governance role in technology risk issues and cybersecurity.

Preferably from financial industry, or established auditing firms.

Good understanding of regulatory requirements related to IT, Cybersecurity, Infrastructure security, Application Security, Identify and Access Management, technology risk management.

Possess analytical and strategic with a track record of success in delivery results.