HEAD - TECHNOLOGY, INFORMATION & CYBER RISK

  • Competitive
  • Kuala Lumpur, Federal Territory, Malaysia Kuala Lumpur Federal Territory MY
  • CDI, Plein-temps
  • OCBC Bank (Malaysia) Berhad
  • 24 juin 18 2018-06-24

HEAD - TECHNOLOGY, INFORMATION & CYBER RISK

The objective of Technology, Information & Cyber Risk (TICR) function is to establish and maintain governance and oversight on the effectiveness of technology, information and cyber risk management for the OCBC Group.

  • Reporting to the Head of ORM, he/she will have the following responsibilities:
  • Managing delivery of Technology, Information and Cyber Risk Management services within TICR and ensure TICR team delivers against its objectives.
  • Managing & improving working relationships with key stakeholders, including Group Audit, Regulatory & Compliance Unit, IT Security, BCM, IT Heads and Operational Risk Partners.
  • Establish and maintain TICR-owned framework, policies and processes..
  • Organise and conduct Technology Risk Management Committee and Information Risk Working Group with relevant stakeholders.
  • Develop & execute initiatives arising from discussions at the Technology Risk Management Committees and Information Risk Working Group, or directed by senior management
  • Establish and maintain technology, information and cyber related risk dashboards, progress of risk mitigation initiatives and state of risk acceptances.
  • Partner with ORPs, IT Security and external organizations in monitoring newsworthy technology, information and cyber threats and incidents, assess if threats are relevant to the Group, whether existing controls are adequate, and report to relevant Risk Management Committees.
  • Preparation of regular and as-needed technology risk reports, information risk reports, and cyber risk & resilience reports.
  • Participate in industry working groups and contribute to overall improvement of the technology risk management, information risk posture, and cyber risk & resilience posture of the industry.
*LI-LCH

Qualifications
  • More than 10 years of relevant IT experience, of which more than 5 years are in technology risk & information security, or IT audit. Relevant IT experience include managing large-scale IT projects, application development & maintenance, production support, and/or infrastructure , assessment of effectiveness of controls
  • In-depth knowledge and experience with industry-standard technology, information and cyber risk/security management frameworks, e.g. ISO 2700x, NIST Framework for Improving Critical Infrastructure Cyber-security
  • Knowledge and experience with legal and regulatory requirements pertaining to technology, information and cyber risk & security
  • Strong influencing and stakeholder management skills
  • Effectively bilingual
  • Degree in Computer Science or equivalent technical degree
  • CRISC, CISA, CISM and/or CISSP advantageous