Job Summary
This role, Manager, Technology Controls Assurance is responsible for managing technology risks and ensuring compliance with regulatory requirements and internal standards within the Technology division of the Bank.
Job Description
- Providing guidance on technology risks involving risk assessments, identification, and analysis for the Technology division.
- Utilizing KCIs to proactively identify non-compliance and tracking these issues to closure.
- Ensuring identified gaps are addressed effectively with control owners and align with best practices or internal standards.
- Creating and maintaining the foundational documents in the division that dictate how the bank manages its technology in line with regulatory requirements (e.g., Bank Negara Malaysia guidelines, internal corporate governance) and industry best practices.
- Acting as a key point of contact and facilitator for internal and external technology audits, ensuring timely and accurate reporting.
- Overseeing and ensuring the closure of technology and cybersecurity events (e.g., incidents, vulnerabilities, security requests) in the division.
- Regularly verifying that the technology controls in place are actually working as intended.
- Working with various business units, functions, and lines of defense (within the enterprise risk framework) to assess compliance in digital processes, applications, and outsourcing arrangements.
- Collaborating on formal processes for accepting certain risks and developing remediation plans with Technology departments and business units.
- Evaluate and revise Key Risk Indicators (KRIs), Key Controls Testing (KCT) and execute Risk & Control Self-Assessment (RCSA) for all relevant regulations and procedures applicable to the division.
Requirements
- Bachelor's degree or higher in Computer Science, information Systems/Technology or related field, or equivalent work experience.
- Minimum 7-8 years of experience in Technology risk/compliance and operated in a similar role, preference in banking or insurance industry.
- Good understanding of information security principles, techniques, protocols and other industry technology standard best practices such as ISO27001, NIST, ITIL, PCI-DSS
