About our client
The Client is a Financial Institution and one of the largest banking groups in Malaysia. It is also a public listed company on the Main Board of Bursa Malaysia, with subsidiaries offering a range of products and services. The organization believes in dynamic development as an integral factor within its culture and is a great place to explore and enhance career aspirations.
About the role
Primary driver leading the development and implementation of the IT Risk Management framework, policies, and controls within the Banking Group.
Close monitoring of cyber threats and undertaking early prevention measures to minimize system disruption and to meet the requirements of Senior Management, the Board and regulatory bodies.
- To assist the HoD in maintaining expenses within the department budget.
- To plan and drive the 2nd Line of Defence (SLOD) roles in managing IT risk across entities.
- To drive implementation of cyber security gap across the organization.
- To review new/revised regulatory requirements to identify the impact, gaps and actions to be taken, including review of relevant regulatory concept papers and guidelines.
- To engage with Business/Operation Units on the development of risk frameworks, policies, and tools relating to systems.
- To plan and conduct workshops/training to promote operational risk culture, awareness and understanding of IT risk management concepts, practices, frameworks and methodologies.
- To undertake validation of the effectiveness of operational controls relating to systems within the business and other operating units.
- To ensure timely review of internal operational processes and that manuals are updated to reflect the latest processes.
- To undertake assessment of new products and services, or variations to existing ones, from a system risk perspective.
- To monitor and report key issues relating to IT risk and cyber threats to Senior Management, the Board, and regulatory bodies when required.
- To develop, recommend and administer policies and procedures to control IT risk to an acceptable operating level within risk tolerance standards and limits.
- To ensure compliance, including staff compliance, with the spirit and letter of regulatory and internal policies.
- To keep abreast of best practices, regulatory requirements and developments in the risk management landscape and apply learning to the bank's operational risk management practices.
You will have
- Degree or professional qualifications in Information System/Technology.
- 10-15 years of experience in IT security including development of policies and controls.
- 1-3 years of experience in risk management.
- Proficient with the relevant regulatory requirements, industry best practices and policies, and able to translate them into the Group’s operational risk management strategy.
- Experience in IT Methodologies and Quality Practices, e.g. SDLC, ITIL, SLA, COBIT.
- Good understanding of work processes in an IT environment and of Service Levels.