Our client, a reputable European Bank, is looking for a high caliber to join the regional operational risk team. The successful candidate will be part of the Risk Management Team in assisting the CRO in Asia Region and Regional Head of Operational Risk Asia in the design, implementation, monitoring and application of an effective risk framework for technology related risks. This covers the spectrum of IT Disaster Recovery Planning, IT infrastructure, IT Systems and IT Security within the Asia region.
* Design, maintain and implement the regional and local IT risk management framework for the Asia region, including control tools & measures.
* Develop, maintain and implement a compliance framework to all applicable Asia regulatory requirements.
* Ensure essential IT risk policies and regulations are maintained/updated and are communicated and disseminated to the staff of Rabobank Asia Branches on a timely basis.
* Perform oversight on the update of Global, Regional Asia and Local IT policies and procedures.
* Review the Asia Technology Risk Committee Charter and provide advisory to locations in the Asia Region.
* Develop and maintain a system to promote the identification of IT related risks, including incident reporting.
* Develop and maintain an updated understanding of the IT regulatory requirements and obligations in the Asia region and monitor the level of compliance to these requirements.
* Review risk acceptances and risk treatment plans submitted by business and IT to form an independent opinion on the risks posed to the different parties.
* Maintain a regional and local IT risk dashboards that highlights key IT risks and the changes in the level of the residual risks.
* Monitor the status of IT risk acceptances and follow up with the relevant risk owners on pending/overdue items and the status of the action plans.
* Prepare management reports to senior management for decision making from tactical and strategic risk perspective.
* Prepare monthly IT Risk Dashboard for submission to the relevant Risk Committees and/or Technology Risk Committees. The report should cover key IT risks (loss/incidents), identifying trends and movements from previous months.