
Manager, Technology Risk VN
- Vietnam
- Permanent
- Full-time
- Manage the Technology Risk Management Framework (TRMF) and Policy (TRMP) to align with the changing regulatory landscape and identified areas for control improvements
- Define and manage the TRAS and KRIs to drive actions to meet the approved thresholds and manage associated risks
- Execute the ORM validation requirements for RCSA, CET, LED, CIMs, KRIs for technology-related matters
- Assess/validate the Product Approval submissions involving technology implementations and changes prior to notifying regulators
- Review Technology Risk assessments related to Project Implementations
- Drive awareness of technology risks & adoption of the TRMF, TRMP, Technology Risk Appetite Statement (TRAS), & Key Risk Indicators (KRI)
- Second line of defense oversight on effectiveness of controls to manage IT & Cyber Security Risks across the organization
- Identify emerging risks & threats, engaging with IT Security and observation of external events
- Lead & orchestrate annual Red Teaming and Cyber Drills
- Progressively elevate Cyber Risk Maturity posture of the organization
- Second line of defense oversight on effectiveness of controls to manage Technology Resiliency Risks
- Review/Endorse External Independent Assessment reports on Resiliency
- Review operational thresholds for improvement and standardization opportunities
- Perform deep-dive assessments where necessary, driven by events
- Conduct assurance on 3rd Party IT Due Diligence for onboarding and periodic reviews and engage with GTRM SMEs where required
- Monitor events related to 3rd Parties in the public domain and trigger ad-hoc assessments, where necessary, in collaboration with Group Outsourcing Governance (GOG) and Service Owners
- Engage 3rd Party Governance policy owner for P&P improvements
- Lead the development of annual Independent Risk Assessment through the identification of risk themes and reporting
- Lead the collation of group data and preparation of monthly TRAS & KRI performance metrics & insights for Technology Risk reports
- Coordinate the ORM validation activities within GTRM and any ad-hoc demands
- System Resiliency: Deliver IT systems/ applications commitments (SLA/ Availability, Recovery Time Objective, DR capacity) to System Owner and business stakeholders.
- Location Resiliency: Enhance capability to recover business functions following a disruptive incident of work locations.
- Manage the Business Continuity Management Policy & Procedure to align with Group's P&P and the changing regulatory landscape and identified areas for control improvements
- Relevant degree or equivalent from a recognized University.
- Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or Certified Information Systems Security Professional (CISSP) are preferred.
- ITIL, ISO27001, and COBIT Certification are preferred.
- Science & Statistics are an advantage
- With at least 10 years of working experience in a technology risk function, preferably at the managerial level.
- With significant experience gained in the banking sector, preferably with a focus on information security, data privacy, risk management, legal, audit, operations, etc.
- Experience with Operational Risk framework, Business Continuity Management is a bonus