
CIMB Group

Lead, GDAI - GPQ - Governance, Regulations and Protection MY

  • Posted 4 hours ago

Job Description

  • Establish First Line of Defense: Lead and maintain an effective governance and risk management program for the Group Data and AI (GDAI) division.
  • Ensure Regulatory Compliance: Guarantee strict adherence to banking laws, PDPA, and internal policies by developing robust action plans to address control gaps.
  • Enable Data & AI Innovation: Quantify and manage risks related to confidentiality and AI ethics to facilitate the safe execution of the Bank's data strategies.
  • Maintain Governance Frameworks: Assess and ensure the effectiveness of Privacy and AI frameworks through continuous monitoring and procedural updates.
  • Third-Party Oversight: Evaluate the compliance of external Data Processors to ensure they meet the Bank's standards for data protection and responsible AI use.

Scope of the Role

  • Strategic Support: Assist the Head of Data & AI Governance in managing compliance risks across all covered legal entities.
  • DPO Deputization: Support the Data Protection Officer (DPO) for Malaysian entities as required by the Personal Data Protection Act.
  • Regulatory Liaison: Act as a key point of contact for external regulatory examinations and coordinate with RCS/RCU heads to resolve regulatory concerns.
  • Consultation: Serve as the primary point of contact for bank-wide projects, ensuring all data and AI-driven initiatives undergo mandatory governance review.

Key Responsibilities

Drive strong Operational Risk Management practices

  • Proactively manage risks within GDAI to reduce the frequency and impact of negative operational events.
  • Promptly report and escalate identified risks to the appropriate RCU Head or DPO, ensuring they have full visibility into control effectiveness.
  • Execute the Bank's operational risk framework and tools in a robust, disciplined manner to achieve sound reporting practices.
  • Partner actively with the Second Line of Defense (2LOD) to ensure optimal risk outcomes for the Group.
  • Validate divisional frameworks, policies, and SOPs for accuracy and prepare governance papers for necessary updates.

Promote and maintain regulatory compliance

  • Implement Group Compliance policies specifically relating to Data Management, Privacy, and AI functions.
  • Provide mandatory bank-wide advisories to staff and project teams regarding Data Management, Personal Data Protection, and AI Governance to ensure Compliance by Design.
  • Act as the Subject Matter Expert (SME) for bank-wide consultation, providing formal advisories that translate complex regulatory requirements into actionable guidance for business units.
  • Draft and operationalize divisional procedures to ensure Group-level policies are effectively translated into daily activities.
  • Identify and monitor emerging compliance risks using tools such as RCSA, regulatory gap analysis, and CET.
  • Review all regulatory correspondence and presentations for factual accuracy and ensure all deadlines and commitments are met.
  • Evaluate business proposals and products to ensure full compliance with regulatory requirements and subsequent board-imposed conditions.
  • Collaborate with RCS and RCU Heads to maintain and refresh the RCSA, ensuring all material and emerging risks are captured.
  • Report regulatory breaches, perform deep-dive impact analysis (financial and non-financial), and track action plans to closure.
  • Perform timely regulatory gap analysis for new legal requirements and ensure necessary controls are implemented.
  • Plan and execute thematic reviews (if required) and scheduled or ad-hoc training and awareness sessions for the Bank to enhance the overall control environment.

Champion the Risk Culture

  • Promote a strong risk-aware culture by applying technical knowledge of business products and data processes.
  • Align tasks across the Three Lines of Defense (3LOD) to minimize execution gaps or overlaps.
  • Facilitate effective communication and escalation models across various stakeholder groups.
  • Analyze risk data for themes and trends, raising awareness of emerging industry risks.
  • Where required, provide guidance and mentorship to RCU team members and control testers/DCOROs to ensure performance standards are met.

Employee Engagement and Development

  • Comply with HR performance processes and meet all internal Risk Control Tester KPIs.
  • Complete mandatory training to maintain a high-level understanding of evolving frameworks and systems.
  • Participate in growth-oriented training to further develop specialized skills in risk and control management.
  • Perform any other tasks as assigned by Management to support the evolving needs of the department.

Job Specification

Qualifications

(Basic Degree/Diploma etc)

  • A Bachelor's Degree/Diploma in Information Technology, Computer Science or equivalent.

Professional Qualification and/or Regulatory, Licensing requirements

  • It will be advantageous to have professional qualifications:
  • Data/Technology: CISA, CDPSE, CRC, CIPP, CRISC, CISM, CISSP, CSX, AIGP
  • Compliance or Risk (ICA/CRC or regulatorily recognized accreditation)

Relevant Work Experience

  • Extensive experience with large-scale environments, including skills and in-depth understanding of IT and business applications and systems.
  • Minimum 10 years' work experience, with relevant experience in an IT risk/audit/compliance-related role within the relevant business/function preferred.
  • Good knowledge and grasp of banking practices and products at a higher level, and awareness of the BNM policies/guidelines and other regulatory frameworks.

Required Competencies And Skills

Competencies/Skills

(Essential to succeed in this job)

  • Excellent communication skills, both verbal and written.
  • An understanding of risk drivers and ability to articulate risk to non-risk personnel.
  • Knowledgeable about the regulatory compliance and risk management aspects of data, technology, and privacy.
  • Able to work autonomously.
  • Demonstrated managerial, leadership and facilitation skills.
  • Knowledge of the banking processes.

Job ID: 145204793
