Senior IT Risk Manager

  • 10K to 15K
  • Kuala Lumpur, Malaysia
  • Permanent, Full time
  • Standard Chartered Global Business Services Sdn Bhd
  • 18 Aug 17

Specifically, this role will act as the risk SME (Individual Contributor) for platforms infrastructure and serve as a key member of the Platforms Technology Risk and Control team, supporting a range of initiatives to enhance control design and implementation across platforms commissioning, maintenance, change and release management, Access Management, and ongoing production support.

Key Responsibilities
- Design and implement assessment programs to monitor the Technology Risk posture for the Platforms Infrastructure business, embedding governance and oversight to provide management with transparency over what these risks are and how they can be managed.
- Design and implement relevant Technology Risk and Control activities (e.g., assessments, control testing, monitoring, reporting, and targeted remediation activities; KRI, KCI, CST, etc.) and ensure consistency in execution.
- Develop and maintain strong business and technology relationships to become a trusted partner, as well as building relationships with Corporate functions such as Audit, Group Operations Risk and Global Technology Infrastructure for end-to-end risk and control management.
- Design, participate in, or provide SME support for programs to improve or remediate the technology control environment across Platforms Infrastructure.
- Implement effective and efficient controls to minimise or mitigate operational impact, including risk and control identification, design, testing, reporting and monitoring.
- Ensure proper management of risk and timely resolution of issues (internal, audit, external, etc.).
- Promote understanding, practice and culture of Operational Risk within the Domain(s).
- Represent the Domain(s) as the Single Point of Contact (SPoC) on internal and external audits and as Subject Matter Expert (SME) on the audit working practices.
- Support delivery of all risk forums within the Domain(s), ensuring each operates within the approved Terms of Reference (ToR), including membership, agenda, frequency, etc.


Key Measurables
- Effectiveness of the controls and monitoring of operational risks and controls at the Domain(s) level
- Satisfactory results on audits undertaken by Group Internal Audit, regulators or external audit
- Cross team collaboration and leadership skills – proactive engagement with stakeholders

Experience and Skills
• CRISC / CISA / CISSP / COBIT certification
• System administrator – Windows / Unix / Virtualisation (sometime during the career)
• Technology Risk and Control experience within Financial Services industry.
• Proven Risk Management track record and hands on Controls Assurance work in Technology and other operations risk domains.
• Knowledge of controls assurance and determining control criticality.
• Ability to make judgments in relation to any aspect of the control environment. This includes both technical and operational controls.
• In depth knowledge of Technology operations and the financial services industry in general
• Proven experience in making presentations to stakeholders and management.
• Excellent verbal and written communication capabilities with the ability to interact at all levels of the organisation
• Degree qualified (or equivalent) and/or High Performance track record throughout career.
• Technical certifications in Microsoft, Red Hat or Virtualisation
• Experience in implementing ITIL or COBIT