The day-to-day activities:
Maintain and update the Bank's technology and cyber risk frameworks, policies and standards based on prevailing regulatory requirements and industry best practices.
Drive proactive adherence with Bank's security policies and standards, and regulatory requirements across the region.
Build a comprehensive controls library to support technology and cyber risk management activities of the GXS.
Assess the effectiveness of controls and determine the residual risks of any control failures and remediation actions are required.
Maintain a risk register of all residual risk acceptances with implication of technology and cyber risks.
Proactively track and monitor implementation of risk mitigation measures and perform effectiveness review where needed to ensure implemented measures are effective in reducing risks to acceptable levels..
Support technology and cyber KRI reporting activities and to ensure adherence with the Bank's risk appetite.
Participate in technology and cyber risk governance working groups and/or committees where needed.
Facilitate internal and external audits, as well as regulatory examinations/inspections as a Person In-Charge (PIC) for TRGC function.
The must-haves:
Degree in Computer Science / Technology-related field.
Minimum 10 years experience in a similar role with another financial institution or regulated institution (e.g. Telco).
Excellent presentation and communication skills with proficiency in English (both verbal and written).
Excellent stakeholder management skills.
Professional information security certification (e.g. CISSP, CISA, CISM, etc) is strongly recommended.
Possess excellent communication, sharp analytical abilities with proven design skills, able to think critically of the current system in terms of growth and stability.
Prior knowledge and exposure of technology and cyber risk management in the banking industry.
Familiarity with other principle risk types such as fraud risks and liquidity risks.
