Our client, a reputable European Bank, is looking for a high-caliber candidate to join the regional operational risk team. The successful candidate will be part of the Risk Management Team, assisting the CRO in Asia Region and the Regional Head of Operational Risk Asia in the design, implementation, monitoring and application of an effective risk framework for technology-related risks. This covers the spectrum of IT Disaster Recovery Planning, IT infrastructure, IT Systems and IT Security within the Asia region.
Risk Governance
* Design, maintain and implement the regional and local IT risk management framework for the Asia region, including control tools & measures.
* Develop, maintain and implement a compliance framework for all applicable Asia regulatory requirements.
* Ensure essential IT risk policies and regulations are maintained/updated and are communicated and disseminated to the staff of Rabobank Asia Branches on a timely basis.
* Perform oversight on the update of Global, Regional Asia and Local IT policies and procedures.
* Review the Asia Technology Risk Committee Charter and provide advisory to locations in the Asia Region.
Risk Identification
* Develop and maintain a system to promote the identification of IT related risks, including incident reporting.
* Develop and maintain an updated understanding of the IT regulatory requirements and obligations in the Asia region and monitor the level of compliance to these requirements.
Risk Assessment
* Review risk acceptances and risk treatment plans submitted by business and IT to form an independent opinion on the risks posed to the different parties.
Risk Monitoring
* Maintain regional and local IT risk dashboards that highlight key IT risks and the changes in the level of the residual risks.
* Monitor the status of IT risk acceptances and follow up with the relevant risk owners on pending/overdue items and the status of the action plans.
Risk Reporting
* Prepare management reports for senior management to support decision making from tactical and strategic risk perspectives.
* Prepare the monthly IT Risk Dashboard for submission to the relevant Risk Committees and/or Technology Risk Committees. The report should cover key IT risks (loss/incidents), identifying trends and movements from previous months.
University graduate in risk management, information technology or relevant disciplines. Relevant professional certification is preferred (e.g. CSX, CISA, CISM, CRISC, CGEIT, CISSP, CCSP).
Minimum 10 years' experience in IT / IT Security / IT Audit, with a minimum of 4 years in a technology risk management function.
Knowledge of Technology Risk Management practices, fundamentals and frameworks in Asia Region
Knowledge of information security concepts, practices and tools
Understanding of Systems development practices, lifecycle management and Systems Testing
Understanding of IT Governance within an organisation including its components, benefits and practices
Experience in handling Asia regulatory (e.g. MAS, HKMA, RBI, CBIRC) requirements and compliance based initiatives including reporting
Knowledge of IT Outsourcing (risks, controls, monitoring), Cloud Computing and related regulatory issues.
Ability to build and maintain relationships at all levels plus engagement with stakeholders