Manager, Technology Risk VN at CIMB BANK VIETNAM
Ho Chi Minh City, Ho Chi Minh, Vietnam -
Full Time


Start Date

Immediate

Expiry Date

01 Oct, 26

Salary

0.0

Posted On

03 Jul, 26

Experience

10 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Technology Risk Management, Cyber Security Risk, Business Continuity Management, Third Party Risk Management, IT Governance, Risk Assessment, Regulatory Compliance, Operational Risk Management, Technology Resilience, Reporting & Analytics, Internal Audit, Information Security

Industry

Banking

Description
Technology Risk: The first role of the job holder is to effectively manage Technology risk in the second line of defense. The Manager shall oversee all Technology related rules, regulations, issuances, and standards and ensure that CIMB Bank Vietnam is compliant. The incumbent shall assess and manage threats/risk, IT & Cyber Security Risk, Technology Resilience, 3rd Party Risk and Assurance, Reporting & Analytics. The incumbent shall work closely with the related business units (especially the IT and Digital Development team), Group Technology Risk and local regulators where applicable as part of the incumbent’s accountability to assist the Head of Risk in managing CIMB Bank Vietnam’s Technology risk. Business Continuity Planning: The second role is to manage Business Continuity Management and Sustainability under the guidance of the Head of Risk.   Key Responsibilities: The Key Responsibilities of the Technology Risk Role are as follows: Common roles and responsibility * Manage the Technology Risk Management Framework (TRMF) and Policy (TRMP) to align with the changing regulatory landscape and identified areas for control improvements * Define and manage the TRAS and KRIs to drive actions to meet the approved thresholds and manage associated risks * Execute the ORM validation requirements for RCSA, CET, LED, CIMs, KRIs for technology related maters * Assess/validate the Product Approval submissions involving technology implementations and changes prior to notifying regulators * Review Technology Risk assessments related to Project Implementations * Drive awareness of technology risks & adoption of the TRMF, TRMP, Technology Risk Appetite Statement (TRAS), & Key Risk Indicators (KRI) IT & Cyber Security Risk * Second line of defense oversight on effectiveness of controls to manage IT & Cyber Security Risks across the organization * Identify emerging risks & threats, engaging with IT Security and observation of external events * Lead & orchestrate annual Red Teaming and Cyber Drills * Progressively elevate Cyber Risk Maturity posture of the organization Technology Resilience * Second line of defense oversight on effectiveness of controls to manage Technology Resiliency Risks * Review/Endorse External Independent Assessment reports on Resiliency * Review operational thresholds for improvement and standardization opportunities * Perform deep-dive assessments where necessary, driven events Third Party Risk * Conduct assurance on 3rd Party IT Due Diligence for onboarding and periodic reviews and engage with GTRM SMEs where required * Monitor events related to 3rd Parties in the public domain and trigger ad-hoc assessments, where necessary, in collaboration with Group Outsourcing Governance (GOG) and Service Owners * Engage 3rd Party Governance policy owner for P&P improvements Assurance, Reporting & Analytics * Lead the development of annual Independent Risk Assessment through the identification of risk themes and reporting * Lead the collation of group data and preparation of monthly TRAS & KRI performance metrics & insights for Technology Risk reports * Coordinate the ORM validation activities within GTRM and any ad-hoc demands   The Key Responsibilities of the Business Continuity Management are as follows: 1. Process Resiliency: Deliver process resiliency by enhancing business function recovery capability in a timely manner following a disruptive incident. 2. System Resiliency: Deliver IT systems/ applications commitments (SLA/ Availability, Recovery Time Objective, DR capacity) to System Owner and business stakeholders. 3. Location Resiliency: Enhance capability to recover business functions following a disruptive incident of work locations. 4. Manage the Business Continuity Management Policy & Procedure to align with Group’ s P&P and the changing regulatory landscape and identified areas for control improvements   Job Specification * Relevant degree or equivalent from a recognized University. * Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or Certified Information Systems Security Professional (CISSP) are preferred. * ITIL, ISO27001, and COBIT Certification are preferred. * Science & Statistics are an advantage * With at least 10 years of working experience in a technology risk function, preferably at the managerial level. * With significant experience gained in the banking sector and preferably focus in information security, data privacy, risk management, legal, audit, operations, etc. * Experience with Operational Risk framework, Business Continuity Management is a bonus With operations that span 15 different markets across the region, the opportunity to expand your experience, test your capabilities, and exhibit your resilience is ample.  #teamCIMB  is always keen to welcome the ones who are ready to make that very special difference – for themselves and the bank.
Responsibilities
Manage technology risk within the second line of defense, overseeing compliance with rules, regulations, and standards for CIMB Bank Vietnam. Additionally, lead Business Continuity Management to ensure process, system, and location resiliency.
Loading...