Manager, Technology Risk, Group Cyber & Technology Risk, Group Risk

Job Responsibilities:

Ensure effective governance and oversight of technology risk management, this role is part of the collective function that is responsible for managing and supporting the technology risk programs, including identification, assessment, measurement, monitoring, control and reporting on technology risks.

Manage and support associated technology risk metrics, including the enterprise technology risk dashboard and reporting

• Formulating and implementing the Technology Risk Management Framework (TRMF) and other relevant IT regulations
• Implementing group frameworks, policies, guidelines, procedures, and methodologies across the business sector
• Conducting and facilitating technology risk assessments and monitoring activities in collaboration with risk owners/representatives.

Conduct independent risk assessments, including the identification and assessments of IT risks.

• Conducting IT risk assessments, including identification and assessment of IT risks, evaluation of countermeasures and recommendation of effective controls to mitigate these risks

Technology Governance and Oversight Activities

• Provide advisory guidance, and recommendations on technology risks, especially in the areas of resiliency and controls
• Ensure compliance with internal IT policies, procedures and regulatory guidelines.

Create and promote a risk aware culture

• Collaborate with Risk Academy to deliver targeted technology risk training programs aimed at increasing employee awareness and understanding of technology-related threats and vulnerabilities
• Stay updated on new technologies, related risks, industry trends, and regulatory requirements in technology.

Job Requirements:

• Experience in IT with hands-on technical experience, working experience in IT risk management, Technology risk management, or IT audit for financial services industry.
• Degree in IT, or Computing and/or other relevant domains
• Having any of these certifications is a plus (but not mandatory): CISM, CISSP, CCSP, CCSK, or vendor specific security certifications like AWS Certified Security Specialty, SC-100 Microsoft Cybersecurity Architect or equivalent, CRISC, CISA.
• Possess strong knowledge and experience in IT governance, control, and information technology risk management
• Background in conducting technology security assessments
• Familiar with BNM's regulatory requirements related to Technology Risk
• Strong analytical, influencing and problem-solving skills
• Capable of engaging with regulators
• Excellent written and communication skills, and able to interact effectively with senior management and various stakeholders from the different divisions and departments
• Able to leverage the contributions of others through collaboration across seniority, culture and locations
• Ability to work independently with minimal supervision.