alrajhi bank malaysia

Head - IT Risk Management

  • Posted 5 hours ago

Job Description

About the Role

The Head of IT Risk is a senior leadership role responsible for developing, leading, and overseeing the bank's overall technology and information risk management function. This role is a key member of the second line of defense, ensuring that the bank's IT systems, infrastructure, and data are secure, resilient, and compliant with internal policies and external regulatory requirements. The Head of IT Risk will work closely with the Chief Technology Officer (CTO) and other senior stakeholders to embed a culture of risk awareness and manage all technology-related risks that could threaten the bank's critical assets and reputation.

What you will do:

1. Strategic Leadership and Framework Management

  • Develop, implement, and lead the execution of the bank's IT Risk Management Framework, ensuring it is aligned with the bank's overall enterprise risk management strategy and business objectives.
  • Provide strategic guidance and expert advice on IT risk matters to the executive leadership, board, and relevant committees.
  • Stay abreast of emerging technologies, cybersecurity threats, and regulatory changes to proactively identify and mitigate new and evolving risks.

2. Risk Identification, Assessment, and Mitigation

  • Oversee the identification, assessment, and analysis of all IT and cyber-related risks, including those related to cybersecurity, cloud computing, data privacy, third-party technology vendors, and business continuity.
  • Develop and implement effective risk mitigation strategies and action plans to minimize the bank's exposure to identified risks.
  • Provide technical guidance to employees, colleagues, bank vendors, and third-party service providers.

3. Monitoring, Reporting, and Governance

  • Prepare and present regular, clear, and concise reports on the bank's IT risk posture to senior management, the Chief Risk Officer, and the board.
  • Manage the internal and external audit relationship for all IT risk-related matters and ensure timely remediation of any audit findings.
  • Build and maintain strong, positive working relationships and effective communication with other risk associates, including Enterprise Risk Management, Operational Risk Management, and others.

4. Compliance and Regulatory Management

  • Ensure compliance with all applicable banking regulations and industry standards (e.g., BNM RMiT).
  • Build and maintain an external network with other IT risk professionals, as well as applicable risk forums / bodies.
  • Act as the primary point of contact for IT risk matters during regulatory examinations and audits.

Skills and experience you possess:

  • Bachelor's Degree in Information Technology, Computer Science, Information Security, or a related field.
  • Relevant professional certifications such as CRISC (Certified in Risk and Information Systems Control), CISM (Certified Information Security Manager), CISSP (Certified Information Systems Security Professional), CompTIA Security+, or similar.
  • Minimum of 10-15 years of experience in IT, with a significant portion of that time in a dedicated IT risk, governance, or information security role within the banking or financial services industry.
  • Deep understanding of banking operations, digital platforms, and the regulatory environment.


Job ID: 145208379