Director, IT Risk Management

Director, IT Risk Management

**Create your future with Affin You too can make a difference.**

Join us at AFFIN, where the open minds meet and be inspired by a shared commitment to great work. Here, you don't just stay at the forefront of the industry - you can make a difference too.

**Position Objective**
- Responsible for the preparation and review of technology risk report and Project performance reports within the risk parameters of technology risk management for Affin Group.
- Establish and maintain governance and oversight on the effectiveness of technology risk management reporting and project risk management for Affin Group. This function will be responsible for maintaining a strong technology risk management culture, formulating/reviewing the technology risk appetite, tolerances and threshold that aligns to the banking group's risk appetite, and for establishing/maintaining a program to identify, assess, measure, monitor, control and report on significant technology risks

**Key Responsibilities**
- Responsible to perform regular IT risk monitoring and reporting. Analyse and checker on reporting technology risk for the Banking Group.
- Review and maintain technology risk metrics, including management dashboard and reporting.
- Responsible to prepare and provide timely and accurate reporting on Technology Risk related matters to Management and Board delegated committees.
- Conduct independent assessment review to identify, assess and evaluate potential and emerging IT and Cyber threats as well as strategy to reduce, mitigate or transfer the IT and cyber risk, particularly on Project risk and Monthly Reporting.
- Conduct an independent assessment review to identify, assess and evaluate Project management issues and best practices.
- Perform risk analytics on the data collated from internal or external sources, forming leading and lagging risk indicators on identifying IT risks that yet to surface particularly on Project
- Provide advisory, guidance, and recommendation on aspects related to technology risks, particularly in the area of information security and controls, and ensure compliance with the internal IT policies & procedures, as well as regulatory guidelines.
- Responsible to drive and support the technology risk awareness and training program.
- Work closely with the business continuity management team and IT team in defining/updating the issue management, as well as crisis management and communication processes.
- Work with the Technology team to ensure relevant regulatory, banking industry and IT best practices are in place or incorporated into the existing policy, procedures, and standards. Monitor and report the compliance status of the policies, frameworks, and other technology-related regulatory requirement
- Provide assistance and support to the first-line of defense on the establishment of a Technology Risk awareness and training program.
- Keep abreast of the latest technology and the emerging Technology threat landscape.
- Support the Head of Technology Risk (CISO), GCRO, and Senior Management in overseeing the effective implementation of technology risk management at entities level.

**Skills/Knowledge**
- Degree in IT, IS or Computing, and/or other relevant domains;
- Minimum of 10 years of working experience in IT risk management, Cyber risk management, information security, or IT audit for the financial services industry.
- Professional certification such as CISA, CEH, CRISC, and CISSP is an added advantage.
- Possess good knowledge and experience with IT governance and control, information security, and information technology risk management.
- Solid experience in undertaking technical security assessments of IT solutions,
- Familiar with Bank Negara Malaysia regulatory requirements related to Technology Risk.
- Strong analytical, influencing, and problem-resolution skills
- Ability to engage regulators during inspection;
- Good written and communication skills, and ability to interact with senior management, as well as different stakeholders from different divisions and departments.
- Ability to work and collaborate with people across seniority and cultures.
- Ability to work independently with minimum supervision.

Job ID JR100075