A multinational bank is looking for a Regional Technology Risk professional to join their risk team in Hong Kong. Covering four regions across APAC, this professional will assist in the design, implementation, monitoring and application of the Company's risk framework.
- Design, maintain and implement the regional and local IT risk management framework for the Asia region, including control tools & measures.
- Develop, maintain and implement a compliance framework for all applicable Asia regulatory requirements.
- Ensure essential IT risk policies and regulations are maintained/updated and are communicated and disseminated to the staff of Rabobank Asia Branches on a timely basis.
- Perform oversight on the update of Global, Regional Asia and Local IT policies and procedures.
- Review the Asia Technology Risk Committee Charter and provide advisory to locations in the Asia Region.
- Develop and maintain a system to promote the identification of IT related risks, including incident reporting.
- Develop and maintain an updated understanding of the IT regulatory requirements and obligations in the Asia region and monitor the level of compliance to these requirements.
- Review risk acceptances and risk treatment plans submitted by business and IT to form an independent opinion on the risks posed to the different parties.
- Review and challenge the figures and information reported in the IT risk dashboard submitted by IT for completeness and accuracy.
- Advise business and system owners on risk treatment approaches.
- Facilitate the IT risk and control self-assessment by the relevant IT departments, in order to assess the effectiveness of the control measures and identify new risks.
- Encourage timely identification and reporting of significant risks and losses.
- Analyse the IT loss incidents reported and advise on remediation.
- Maintain regional and local IT risk dashboards that highlight key IT risks and the changes in the level of the residual risks.
- Monitor the status of IT risk acceptances and follow up with the relevant risk owners on pending/overdue items and the status of the action plans.
- Maintain an IT risk register that documents IT risks and the implemented controls/actions taken or actions underway to reduce the risks.
- Prepare management reports to senior management for decision making from a tactical and strategic risk perspective.
- Prepare monthly IT Risk Dashboard for submission to the relevant Risk Committees and/or Technology Risk Committees. The report should cover key IT risks (loss/incidents), identifying trends and movements from previous months.
- A relevant tertiary qualification
- 3+ years of experience in Technology Risk Management
- 8+ years in IT / IT Security / IT Audit
- Relevant professional certification is preferred (e.g. CSX, CISA, CISM, CRISC, CGEIT, CISSP, CCSP)
Job Skills & Knowledge:
- Must have excellent written and oral communication skills
- Initiative and self-motivation
- Ability to work under pressure and manage multiple tasks
- Excellent problem solving/analytical skills
- Ability to communicate effectively with Senior Management and convey risk issues and implications for complex technical solutions
- Ability to build and maintain relationships at all levels plus engagement with stakeholders
- Ability to serve as a bridging function between the 1st and 2nd Lines of Defence, to promote cooperation, trust and communication
Technical and Specialist Skills:
- Strong knowledge of IT infrastructure components including software (Operating System, Application and Database), hardware (Server, Firewall, Switch and Router) and IT Security components
- Knowledge of Technology Risk Management practices, fundamentals and frameworks in Asia Region
- Knowledge of information security concepts, practices and tools
- Understanding of systems development practices, lifecycle management and systems testing
- Understanding of IT Governance within an organisation including its components, benefits and practices
- Experience in handling Asia regulatory (e.g. MAS, HKMA, RBI, CBIRC) requirements and compliance-based initiatives including reporting
- Knowledge of IT Outsourcing (risks, controls, monitoring), Cloud Computing and related regulatory issues
- Experience in assessing residual technology risks related to Business Continuity Planning (BIA, RTO, DRP etc)