Technology Risk Management-Global Research &Solutions

This role will be a key member of the centralised Second Line Technology Risk Oversight team reporting into the Head of Technology Risk Management. The role is responsible to support the independent oversight challenge and governance of the technology and cyber risks (TRM) across clients organization ensuring effective risk management practices across the company. The responsibilities cover all 12 business locations of the client with Technology Risk domains of Information & Cyber Security Data Privacy Technology Enablement as well as Data Governance and AI.

PURPOSE

• Execute risk oversight and governance in line with defined frameworks and requirements across all TRM domains and all businesses to ensure the company is in line with risk appetites policies and standards and regulatory requirements.
• Support the First Line in Technology Risk related matters by providing independent advice with collaboration from a Second line perspective to solve issues.
• Support in the management of key internal stakeholders on TRM matters working together with the First and Third Lines to ensure strong risk culture and effectiveness of the lines of defence.
• Support in the preparation of independent risk reporting on TRM risks commensurate with the business for all applicable forums and committees or on an ad hoc basis as required.
• Execute the roll out client information and technology risk frameworks policies processes and other TRM related Second Line initiatives for the client.
• Deputy for the Head of Technology Risk Management where required

KEY ACCOUNTABILITIES

• Implement the Clients Technology Risk related frameworks and policies and support in development of governance documents as required to effectively execute the TRM Teams remit.
• Ensure the Technology Risk Management oversight requirements are successfully implemented across client organization. This includes but is not limited to Oversight monitoring to ensure First Line is in line with regulatory and internal policy requirements.
  • Monitor and report on KRIs aligned to Clients risk appetite
  • Support on scenario analysis and thematic reviews on technology and cyber risks
  • Review and challenge of TRM related Risk Control Self Assessment results controls issues and risk mitigation strategies and actions to ensure the risk rating treatment plan and target completion date are able to reduce/mitigate the risk on reasonable basis.
  • Review and challenge of technology related incidents root cause analysis and remediation actions defined and perform trend analysis to identify systemic issues for escalation.
  • Support in the development and execution of risk assessments and thematics review
  • Track and monitor technology and cyber risk exposures supporting in the escalation of material issues on a timely basis to key stakeholders

• Understand the specific platform and regional complexities and issues to all business units and provide advisory to the regional and local IT teams on Technology risk matters. This would also include advisory on projects with IT components.
  • Support the Head of Technology Risk Management in preparing risk reporting which covers the IT Risk Forum
  • Executive Risk Committee
  • Investment Group Risk Committee
  • Group Technology Risk Management Forum
  • Any other Ad Hoc reporting
  • Work closely with the operational risk management (ORM) team in executing the information and technology risk oversight related activities in line with the risk framework across the locations
  • Work together with the Head of Technology Risk Management and the Enterprise Risk Management team to promote a strong risk culture across all locations in increasing risk awareness and proactively managing information and technology risk
  • Execute the implementation Group wide requirements and projects.

EXPERIENCE / QUALIFICATIONS

• Minimum 3-10 years of relevant experience with compulsory experience in Technology or Risk Management/Audit.
• Candidates should demonstrate experience in identifying managing and reporting risks and controls in at least three or more of the following areas:
  • IT Infrastructure Management: Networks platforms (e.g. IBM Unix Windows) middleware and databases.
  • Application Development and Change Management (SDLC): Experience with the full software development lifecycle.
  • Identity and Access Management (IAM): Experience with tools like SailPoint CyberArk.
  • Cybersecurity: Familiarity with frameworks like NIST and experience with security tools and operations.
• Analytical meticulous self-starter with strong written and spoken communication skills in English a must. Ability in written and spoken Mandarin a plus.
• Ability to multi-task and handle tight deadlines.
• Proficient in Microsoft office tools.
• Candidates with the relevant certifications in areas such as Technology Risk Management Technology Audit IT Management Cybersecurity Cloud Software Engineering or Project Management will have additional advantage. Examples include:
  • Risk Management: CRISC (Certified in Risk and Information Systems Control)
  • Audit: CISA (Certified Information Systems Auditor)
  • IT Service Management: ITIL Foundation PRINCE2 PMP
  • Cloud/Network: Microsoft Certified Azure Solutions Architect Expert (ISC)² CCSK CompTIA Cloud Essentials
  • IT/Information Security: CISSP CISM CompTIA Security
  • Software Development: DevOps Engineer Professional Google DevOps Engineer Microsoft Certified Solutions Developer
• Skillsets in coding e.g. Python and intelligence dashboards like PowerBI would be advantageous.

Required Skills:

Cyber Security