Regional Technology Risk Professional
The successful candidate will be part of the Risk Management division. He/She will have primary responsibility to assist the Chief Risk Officer in Asia and the Regional Head of Operational Risk Asia in the design, implementation, monitoring and application of an effective risk framework for technology related risks. This covers the spectrum of IT Disaster Recovery Planning, IT infrastructure, IT Systems and IT Security within the Asia region.
Other key responsibilities of this position would include, but not limited to the following:For matters related to Technology Risk, the role reports to the Regional Head of Operational Risk Asia, and manages the routines of the regional Technology Risk Committee whose topics comprise of key IT risks impacting the Branch, the state of IT controls, and the status of risk reduction plans.For matters related to Technology Risk in the bank’s Asia locations, the role assists the local Chief Risk Officers and the local Operational Risk Heads, in the management of the respective local technology related risks.Promotes ownership, management and compliance of risks in order to comply with Risk Management policies.Supports risk awareness in the IT domain through special and ongoing governance projects.Collaborates with Global Operational Risk, Wholesale in the design and implementation of the technology risk management framework and supporting processes.Collaborates with IT stakeholder, in particular with the first line IT risk partners, in the identification, reporting and management of technology risks.Collaborates with location Operational Risk (OR) in the alignment of technology risk management policies and processes with operational risk management policies and processes.Collaborates with location OR in the day to day execution of risk management policies which involve business operational and technology topics.Be the subject matter expert and contact point for consultation on technology related regulatory requirements.
Requirements:A relevant tertiary qualification with 5 to 10+ years in IT/IT Security including at least 3 years of proven experience in Technology Risk Management in Banking.Relevant professional certifications preferred.Good people management skills with ability to influence outcomes with business and technical teams based on experience in risk analysis, compliance, business banking processes and systems implementation in the Finance or Banking space.Must have excellent written and oral communication skills.Ability to communicate up, down and across hierarchy by providing solid understanding of how IT risks translate to business risks plus a good understanding of banking business models. Strong knowledge of IT infrastructure components including software (Operating System, Application and Database), hardware (Server, Firewall, Switch and Router) and IT Security components.Knowledge of Technology Risk Management practices, fundamentals and frameworks.Knowledge of information security concepts, practices and tools.Understanding Systems development practices, lifecycle management and Systems Testing.Understanding of IT Governance within an organisation including its components, benefits and practices.Experience in handling Asia regulatory (e.g. MAS, HKMA, CBIRC, RBI) requirements and compliance based initiatives including reporting.Knowledge of IT Outsourcing (risks, controls, monitoring) and related regulatory issues.Experience in assessing residual technology risks related to Business Continuity Planning (RTO, DR sites etc).Knowledge of Financial Services Operational Risk Management concepts / requirements.