Manager, Risk Reporting, Risk Management
Bank Negara Malaysia
ROLE PURPOSE
Responsible for managing the Bank’s technology and cyber risk oversight, with a strong focus on ensuring that all reported technology and cyber incidents are independently reviewed, properly assessed, tracked to completion and escalated where required. The role is also responsible for planning and conducting technology risk assessments, strengthening technology risk frameworks, policies, methodologies, processes and tools, and providing independent advisory, challenge and assurance on technology, cyber, information security, third-party technology, data and operational resilience risks.
PRINCIPAL ACCOUNTABILITIES
Technology and cyber incident oversight: Ensure all reported technology and cyber incidents are reviewed, assessed, escalated, tracked and closed appropriately.
- Review incident submissions for completeness, assess business and risk impact, validate root cause and remediation adequacy, monitor ageing and overdue actions, and escalate material or recurring issues to management and relevant risk committees.
- Maintain clear oversight of the full incident lifecycle from reporting, assessment and escalation to remediation follow-up and closure, ensuring that incidents are not treated as closed until required actions and control improvements are sufficiently addressed.
Risk governance, framework and policies: Develop, maintain and ensure effective implementation of risk frameworks and policies.
- Develop and refine the Bank’s risk appetite and tolerance statement (as and when required) and ensure continuous monitoring to detect any breach and escalate to management.
- Liaise and maintain networking with other organizations, locally and internationally, and conduct continuous benchmarking or research to keep abreast with the latest risk management practices/standards and regulatory policies.
- Develop, maintain and enhance the Bank’s technology risk management framework, policies and methodologies, including requirements relating to cyber risk, information security, IT governance, system resilience, data protection, cloud adoption and third-party technology risk.
- Provide independent oversight and challenge on technology-related risk assessments, control design, remediation plans, risk acceptances, technology change initiatives, outsourcing arrangements and material technology incidents.
Risk culture and outreach: Promote the development of risk knowledge among staff to build a strong risk management culture.
- Raise awareness on importance of risk management among Bank staff and develop financial risk management capabilities amongst departmental risk officers (DRO).
- Promote technology risk awareness among Bank staff and departmental risk officers, including understanding of key cyber threats, technology control expectations, incident escalation, third-party technology risk and secure use of systems and data.
Risk tools and processes: Develop, maintain and ensure effective implementation of tools and processes.
Risk analysis and advisory: Provide an independent technical and advisory view of related risks, from an enterprise perspective with the objective of adding value, strengthening, and improving the Bank’s operations through risk mitigation proposals to various risk committees in a timely and effective manner.
Provide tactical and strategic leadership to team members through mentoring staff to meet their corporate and personal goals.
QUALIFICATIONS
Academic Qualifications:
- Degree in Information Technology, Economics, Accounting, Finance, Mathematics, Statistics, Law, Engineering, Business Studies etc.
- Post-graduate degree or professional certification in Technology Risk, Information Security, Cybersecurity, IT Audit or Risk Management is an added advantage.
Experience:
- Preferably minimum four years industry experience in technology or cyber incident review, incident lifecycle management, remediation tracking, technology risk management, information security, cybersecurity, IT audit, IT governance, technology operations, cloud, third-party technology risk or related risk and control functions.
- A Malaysian citizen.
ONLY SHORTLISTED CANDIDATES WILL BE NOTIFIED
How to apply
To apply for this job you need to authorize on our website. If you don't have an account yet, please register.
Post a resumeSimilar jobs
Reservations Agent
Land Surveyor
Art Creative Associate, Creative & Production (Storyboard)