IT and Cyber Risk Control Lead

The day-to-day activities:

• Maintain and update the Bank's technology and cyber risk frameworks, policies and standards based on prevailing regulatory requirements and industry best practices.
• Drive proactive adherence with Bank's security policies and standards, and regulatory requirements across the region.
• Build a comprehensive controls library to support technology and cyber risk management activities of the GXS.
• Assess the effectiveness of controls and determine the residual risks of any control failures and remediation actions are required.
• Maintain a risk register of all residual risk acceptances with implication of technology and cyber risks.
• Proactively track and monitor implementation of risk mitigation measures and perform effectiveness review where needed to ensure implemented measures are effective in reducing risks to acceptable levels..
• Support technology and cyber KRI reporting activities and to ensure adherence with the Bank's risk appetite.
• Participate in technology and cyber risk governance working groups and/or committees where needed.
• Facilitate internal and external audits, as well as regulatory examinations/inspections as a Person In-Charge (PIC) for TRGC function.

• Degree in Computer Science / Technology-related field.
• Minimum 10 years experience in a similar role with another financial institution or regulated institution (e.g. Telco).
• Excellent presentation and communication skills with proficiency in English (both verbal and written).
• Excellent stakeholder management skills.
• Professional information security certification (e.g. CISSP, CISA, CISM, etc) is strongly recommended.
• Possess excellent communication, sharp analytical abilities with proven design skills, able to think critically of the current system in terms of growth and stability.
• Prior knowledge and exposure of technology and cyber risk management in the banking industry.
• Familiarity with other principle risk types such as fraud risks and liquidity risks.