Key responsibilities of this role will include, but are not limited to, the following:
• Design, maintain and implement the regional and local IT risk management framework for the Asia region, including control tools & measures.
• Develop, maintain and implement a compliance framework for all applicable Asia regulatory requirements.
• Ensure essential IT risk policies and regulations are maintained/updated and are communicated and disseminated to the staff of Rabobank Asia Branches on a timely basis.
• Perform oversight on the update of Global, Regional Asia and Local IT policies and procedures.
• Review the Asia Technology Risk Committee Charter and provide advisory to locations in the Asia Region.
• Develop and maintain a system to promote the identification of IT related risks, including incident reporting.
• Develop and maintain an updated understanding of the IT regulatory requirements and obligations in the Asia region and monitor the level of compliance to these requirements.
• Review risk acceptances and risk treatment plans submitted by business and IT to form an independent opinion on the risks posed to the different parties.
• Review and challenge the figures and information reported in the IT risk dashboard submitted by IT for completeness and accuracy.
• Advise business and system owners on risk treatment approaches.
• Facilitate the IT risk and control self assessment by the relevant IT departments, in order to assess the effectiveness of the control measures and identify new risks.
• Encourage timely identification and reporting of significant risks and losses.
• Analyse the IT loss incidents reported and advise on remediation.
• Maintain regional and local IT risk dashboards that highlight key IT risks and the changes in the level of the residual risks.
• Monitor the status of IT risk acceptances and follow up with the relevant risk owners on pending/overdue items and the status of the action plans.
• Maintain an IT risk register that documents IT risks and the implemented controls/actions taken or actions underway to reduce the risks.
• Prepare management reports to senior management for decision making from a tactical and strategic risk perspective.
• Prepare the monthly IT Risk Dashboard for submission to the relevant Risk Committees and/or Technology Risk Committees. The report should cover key IT risks (loss/incidents), identifying trends and movements from previous months.
• A relevant tertiary qualification
• 3+ years of experience in Technology Risk Management
• 8+ years in IT / IT Security / IT Audit
• Relevant professional certification is preferred (e.g. CSX, CISA, CISM, CRISC, CGEIT, CISSP, CCSP)
Job Skills & Knowledge:
1. Influencing Skills:
• People management skills
• Ability to influence outcomes with business and technical teams based on experience in risk analysis, compliance, business banking processes and systems implementation in the Finance or Banking space
• Ability to communicate up, down and across hierarchy by providing solid understanding of how IT risks translate to business risks plus a good understanding of banking business models
2. Interpersonal Skills:
• Must have excellent written and oral communication skills
• Initiative and self-motivation
• Ability to work under pressure and manage multiple tasks
• Excellent problem solving/analytical skills
• Ability to communicate effectively with Senior Management and convey risk issues and implications for complex technical solutions
• Ability to build and maintain relationships at all levels plus engagement with stakeholders
• Ability to serve as a bridging function between the 1st and 2nd Lines of Defence, to promote cooperation, trust and communication
3. Technical and Specialist Skills:
• Strong knowledge of IT infrastructure components including software (Operating System, Application and Database), hardware (Server, Firewall, Switch and Router) and IT Security components
• Knowledge of Technology Risk Management practices, fundamentals and frameworks in Asia Region
• Knowledge of information security concepts, practices and tools
• Understanding of systems development practices, lifecycle management and systems testing
• Understanding of IT Governance within an organisation including its components, benefits and practices
• Experience in handling Asia regulatory (e.g. MAS, HKMA, RBI, CBIRC) requirements and compliance based initiatives including reporting
• Knowledge of IT Outsourcing (risks, controls, monitoring), Cloud Computing and related regulatory issues
• Experience in assessing residual technology risks related to Business Continuity Planning (BIA, RTO, DRP, etc.)
Note: Only shortlisted candidates will be notified.