Benefits for You
Job Description
• Take responsibility for the overall delivery of the IT risk management practice. This position drives the execution of highly complex and technical processes through a combination of oversight, advisory and effective challenge across the activities. These activities include risk identification and response, meeting regulatory requirements and consulting on technology strategies and solutions.
• Work closely with the business partners to continually assess and identify potential risks, evaluating these to ensure that they are appropriately mitigated through properly implemented policies, procedures, training, systems, and controls.
Information Technology risk:
• Review and design the technology risk management policy and mechanism with reference to SLF and regulatory requirements.
• Take primary responsibility for monitoring the first line of defense in applying technology risk management tools to identify, assess, monitor, and control technology risk, and provide guidance on necessary mitigation measures.
• Assess the adequacy and effectiveness of the controls from a technology risk perspective during due diligence of new product/service propositions and incident handling, and provide advice and recommendations on new technology solutions for IT initiatives.
• Coordinate technology risk related regulatory examinations and communication, conduct reviews to identify possible risks and provide recommendations to address control weaknesses, and monitor the implementation progress of the remedial action(s).
• Act as an expert resource in technology controls and information security for project teams, the business and outside vendors.
Oversight Risk management framework:
• Perform the Technology Risk reporting operations, including scheduling key monthly meetings, monitoring key milestones, escalation of past due activities, problem triage and management, and archiving key monthly artifacts for audit purposes.
• Develop on-going technology risk reporting, monitoring key trends and defining metrics to regularly measure control effectiveness (Risk and Control self-assessment).
• Provide direction and guidance in the development, implementation, and communication of risk related policies and standards.
• Liaise with Business Continuity Planning Coordinators to develop effective working relationships and documented Business Continuity plans. Support and/or lead processes that support BCM governance requirements as part of the enterprise operational risk framework (BCP exercise).
• Lead Business Process Improvement and contribute to the review of internal processes and activities to identify potential opportunities for improvement.
Build Strong Risk Management Culture at SLV:
• Maintain and uphold risk awareness among staff at all levels, including technical training to raise awareness of all staff.
• Develop relationships with key business stakeholder(s) to understand processes and proactively identify potential risks and develop mitigating actions.
• Build and maintain an external network with other senior IT risk professionals, as well as applicable risk forums/bodies.
• Prepare regular management reports on technology risk status of the Regional.
• Work with the line manager on all risk matters, issues and ad-hoc exercises.
Job Requirements
• Integrity/Ethics. Sensitivity to confidential matters.
• Sound knowledge of Power BI and advanced Excel features (pivot tables, diagrams...)
• Thrives in a fast-paced environment and is persistent in the face of perceived obstacles.
• Attention to detail in completing work tasks while seeing the big picture.
• Flexibility and ability to multi-task, prioritize, and delegate or seek assistance when appropriate.
• Works well independently and proactively with minimal supervision.
• Analytical, interpretative, evaluative, and constructive thinking to manage complex situations.
• Ability to provide alternative courses of action to address a problem.
• Decision-making process based on the DARE model.
Education and experience:
• University graduate with professional qualification(s) in risk management/IT risk/IT security.
• 5-7 years of experience in risk management or audit roles or in a relevant role. Basic experience with IT infrastructure, allowing effective management of the IT Security team and overall engagement with IT Management.
• Familiar with applicable regulations and how they impact information technology risk.
• Advanced knowledge of organization, technology controls, security, and risk issues.