Manager, Risk Reporting, Risk Management

Bank Negara Malaysia


Date: 2 hours ago
City: Remote
Contract type: Full time
Remote

ROLE PURPOSE

Responsible for managing the Bank’s technology and cyber risk oversight, with a strong focus on ensuring that all reported technology and cyber incidents are independently reviewed, properly assessed, tracked to completion and escalated where required. The role is also responsible for planning and conducting technology risk assessments, strengthening technology risk frameworks, policies, methodologies, processes and tools, and providing independent advisory, challenge and assurance on technology, cyber, information security, third-party technology, data and operational resilience risks.


PRINCIPAL ACCOUNTABILITIES

Technology and cyber incident oversight: Ensure all reported technology and cyber incidents are reviewed, assessed, escalated, tracked and closed appropriately.

  • Review incident submissions for completeness, assess business and risk impact, validate root cause and remediation adequacy, monitor ageing and overdue actions, and escalate material or recurring issues to management and relevant risk committees.
  • Maintain clear oversight of the full incident lifecycle from reporting, assessment and escalation to remediation follow-up and closure, ensuring that incidents are not treated as closed until required actions and control improvements are sufficiently addressed.


Risk governance, framework and policies: Develop, maintain and ensure effective implementation of risk frameworks and policies.

  • Develop and refine the Bank’s risk appetite and tolerance statement (as and when required) and ensure continuous monitoring to detect any breach and escalate to management.
  • Liaise and maintain networking with other organizations, locally and internationally, and conduct continuous benchmarking or research to keep abreast with the latest risk management practices/standards and regulatory policies.
  • Develop, maintain and enhance the Bank’s technology risk management framework, policies and methodologies, including requirements relating to cyber risk, information security, IT governance, system resilience, data protection, cloud adoption and third-party technology risk.
  • Provide independent oversight and challenge on technology-related risk assessments, control design, remediation plans, risk acceptances, technology change initiatives, outsourcing arrangements and material technology incidents.


Risk culture and outreach: Promote the development of risk knowledge among staff to build a strong risk management culture.

  • Raise awareness on importance of risk management among Bank staff and develop financial risk management capabilities amongst departmental risk officers (DRO).
  • Promote technology risk awareness among Bank staff and departmental risk officers, including understanding of key cyber threats, technology control expectations, incident escalation, third-party technology risk and secure use of systems and data.


Risk tools and processes: Develop, maintain and ensure effective implementation of tools and processes.


Risk analysis and advisory: Provide an independent technical and advisory view of related risks, from an enterprise perspective with the objective of adding value, strengthening, and improving the Bank’s operations through risk mitigation proposals to various risk committees in a timely and effective manner.


Provide tactical and strategic leadership to team members through mentoring staff to meet their corporate and personal goals.


QUALIFICATIONS

Academic Qualifications:

  • Degree in Information Technology, Economics, Accounting, Finance, Mathematics, Statistics, Law, Engineering, Business Studies etc.
  • Post-graduate degree or professional certification in Technology Risk, Information Security, Cybersecurity, IT Audit or Risk Management is an added advantage.


Experience:

  • Preferably minimum four years industry experience in technology or cyber incident review, incident lifecycle management, remediation tracking, technology risk management, information security, cybersecurity, IT audit, IT governance, technology operations, cloud, third-party technology risk or related risk and control functions.
  • A Malaysian citizen.


ONLY SHORTLISTED CANDIDATES WILL BE NOTIFIED


How to apply

To apply for this job you need to authorize on our website. If you don't have an account yet, please register.

Post a resume

Similar jobs

Reservations Agent

Marriott International, Remote
2 hours ago
Additional InformationJob Number26082588Job CategoryReservationsLocation55 Persiaran Gurney, George Town, Penang, Malaysia, 10250 VIEW ON MAPScheduleFull TimeLocated Remotely?NPosition Type Non-ManagementPosition SummaryProcess all reservation requests, changes, and cancellations received by phone, fax, or mail. Identify guest reservation needs and determine appropriate room type. Verify availability of room type and rate. Explain guarantee, special rate, and cancellation policies to callers. Accommodate and document special...

Land Surveyor

AME Elite Consortium Berhad 腾宇集团, Remote
5 hours ago
OverviewJoin Our Growing Team as a Land Surveyor !AME Construction Sdn. Bhd. is a leading construction company in Malaysia, specializing in high-quality industrial and commercial projects. We are committed to delivering reliable, innovative, and efficient construction solutions. Join our team and be part of a company that values professionalism, growth, and excellence.What You’ll Be DoingTo plan and carry out all...

Art Creative Associate, Creative & Production (Storyboard)

Shopee, Remote
5 hours ago
Job Description:We’re looking for a passionate and proactive Creative Associate to join our Shopee Creative & Production team. This is a hands-on opportunity to contribute to real advertising campaigns and develop your skills in visual storytelling and concept execution across various formats.Job Description:Concept ideation & execution for online videos, DOOH, SM videos, animation videos or any other mediums required by...