Assistant Manager, Cyber Risk Management

Assistant Manager, Cyber Risk Management

**Create your future with Affin You too can make a difference.**

Join us at AFFIN, where the open minds meet and be inspired by a shared commitment to great work. Here, you don't just stay at the forefront of the industry - you can make a difference too.

**Job Purpose**

Ensure the governance and oversight on the effectiveness of technology risk management for Affin Group. This function will be responsible to assist CISO organisation for maintaining a strong technology risk management culture, manage and support the technology risks program on identify, assess, measure, monitor, control and report on significant technology risks.

**Responsibilities**
- Manage and support to perform regular IT/Cyber risk monitoring and reporting. Prepare and analyse technology risk for the Banking Group.
- Manage and support technology risk metrics, including management cybersecurity dashboard and reporting.
- Manage and support to prepare and provide timely and accurate reporting on Technology Risk (including Cyber Risk) related matters to Head, Cyber Risk Management and Head, Technology Risk/CISO.
- Conduct independent assessment review to identify, assess and evaluate potential and emerging IT and Cyber threats as well as strategy to reduce, mitigate or transfer the IT and cyber risk.
- Provide advisory, guidance and recommendation on aspects related to technology risks, particularly in the area of information security and controls, and ensure compliance with the internal IT policies & procedures, as well as regulatory guidelines.
- Manage and support the technology risk awareness and training program. Work closely with business continuity management team and Technology Services (IT) team in defining/updating the issue management, as well as crisis management and communication processes.
- Work with Technology Services team to ensure relevant regulatory, banking industry and IT best practices are in place or incorporated into the existing policy, procedures and standards. Monitor and report compliance status of the policies, frameworks and other technology-related regulatory requirements; drive and engage with Technology Services on Cyber Drill, Red Team Exercise and other cyber related activities on improving the cyber resilience and cyber incident response time.
- Provide assistance and support to first-line of defense on the establishment of Technology Risk awareness and training program.
- Keep abreast on the latest technology and the emerging Technology threat landscape.
- Support Head, Cyber Risk Management and Head, Technology Risk/CISO in overseeing the effective implementation of technology risk management at entities level.

**Job Requirements**
- Degree in IT, IS or Computing and/or other relevant domains.
- Minimum of 5 years working experience in IT/Cyber Security with hands-on technical experience and 2-3 years working experience in IT risk management, Cyber risk management, information security or IT audit for financial services industry.
- Professional certification such as CISM, CEH, CRISC, CISSP is an added advantage.
- Possess good knowledge and experience with IT governance and control, information security and information technology risk management.
- Solid experience in undertaking technical security assessments of IT solutions.
- Familiar with Bank Negara Malaysia regulatory requirements related to Technology Risk.
- Strong analytical, influencing and problem resolution skills.
- Ability to engage regulators during inspection.
- Good written and communication skills, and ability to interact with senior management, as well as different stakeholders from different divisions and departments.
- Ability to work and collaborate with people across seniority and cultures.
- Ability to work independently with minimum supervision.

Job ID JR101062