Information Technology Risk Manager

  • Full Time
  • Colombo
  • Applications have closed

Website Nhance Recruitment

Responsibilities
• Review and maintain the Framework on Technology Risk Management and Resilience of the Bank to identify gaps and ensure such gaps are addressed by liaising with IT and other departments in order to manage the risk tolerance levels as per the requirements stipulated in Direction 16 of 2021 on the regulatory framework on technology and resilience.
• Conduct comprehensive technology-related risk assessments to identify vulnerabilities and potential threats which may impact the bank.
• Collaborate with cross-functional teams to implement effective risk mitigation measures for the identified technology-related risks.
• Stay abreast of emerging technologies and evolving regulatory requirements to proactively address risks.
• Assist Operational Risk Management units to identify technology-related gaps in departments/branches.
• Provide leadership and guidance on technology risk management best practices.
• Monitor the Risk and Control Self Assessment (RCSA) process for the technology-driven banking products and services such as payment cards and electronic banking, and information security-related service delivery functions of the Bank.
• Conduct a root cause analysis on discrepancies identified during user access privilege reviews and suggest appropriate internal control enhancements to the Information Security Committee.
• Take part in and provide input for assessments and evaluations of the vendors/third parties related to software/system applications.

Requirements

Possess a minimum of 7 years of experience with a minimum of 2 years’ experience in a similar capacity or information security/cyber-security.

Bachelor’s degree in a professional qualification in the ICT/ Information Security/ Cyber Security.

Proven experience in technology risk management, information security or cybersecurity.

Strong analytical skills with the ability to assess complex technical environments.

Excellent communication skills and interpersonal skills.

Relevant certifications such as CISSP, CISM or CRISC are a plus.