Create your future with Affin! You too can make a difference.
Join us at AFFIN, where open minds meet and are inspired by a shared commitment to great work. Here, you don’t just stay at the forefront of the industry – you can make a difference too.
JOB PURPOSE
Establish and maintain governance and oversight on the effectiveness of Technology Risk Management for Affin Group.
This function will be responsible for maintaining a strong Technology Risk Management culture, formulating/reviewing the technology risk appetite, tolerances, and thresholds that align with the Banking Group’s risk appetite, and establishing/maintaining a program to identify, assess, measure, monitor, control, and report on significant technology risks.
ACCOUNTABILITIES
Review and maintain technology risk metrics, including management dashboard and reporting.
Conduct independent assessments or risk reviews to identify, assess and evaluate potential and emerging IT and Cyber threats as well as strategies to reduce, mitigate or transfer the Technology and Cyber risk.
Provide advisory, guidance, and recommendations on aspects related to technology risks, particularly in the area of Information Security and Controls, and ensure compliance with the internal IT policies & procedures, as well as regulatory guidelines.
Responsible for driving and supporting the Technology Risk awareness and training programs.
Work closely with the Business Continuity Management team and Technology team in defining/updating the issues management, as well as Crisis Management and communication processes.
Work with the Technology team to ensure relevant regulatory, banking industry, and IT best practices are in place or incorporated into the existing policy, procedures, and standards.
Monitor and report the compliance status of the frameworks, policies, and other technology related regulatory requirements.
Provide support to the first line of defense on the establishment of Technology Risk awareness and training programs.
Keep abreast of the latest technology and the emerging technology threat landscape.
Support the Head of Technology Risk, GCRO, and Senior Management in overseeing the effective implementation of Technology Risk Management at the entity level.
JOB REQUIREMENTS
Degree in IT, IS, or Computing, and/or other relevant domains.
Minimum of 5 years of working experience in Technology Risk Management, Cyber Risk Management, Information Security, or IT audit for the financial services industry.
Professional certification such as CISA, CEH, CRISC, and CISSP is an added advantage.
Possess good knowledge and experience with IT Governance and Control, Information Security, and Information Technology Risk Management.
Solid experience in undertaking technical security assessments of IT solutions.
Familiar with Bank Negara Malaysia regulatory requirements related to Technology Risk.
Strong analytical, influencing, and problem-resolution skills.
Ability to engage regulators during the inspection.
Good written and communication skills, and ability to interact with senior management, as well as different stakeholders from different divisions and departments.
Ability to work and collaborate with people across seniority and cultures.
Ability to work independently with minimum supervision.