Sitting in the operational risk management department of the second line of defense, the incumbent will lead both the information security (IS) and IT risk management teams and oversee the development and implementation of IS and IT risk management programs. S/he will develop, maintain, and ensure adherence to the IS and IT risk framework, policies, standards, and procedures that align with regulatory requirements and the Bank’s risk appetite. S/he will provide subject matter expertise and advice on risk management and remediation activities, oversee control implementation in front line units, and lead communication with the Board, Head Office, auditors and regulators.
- At least a bachelor’s degree, and an advanced degree is preferred
- Minimum 10 years of working experience in the financial industry, with 8 years focused on information security and information technology risk management under an operational risk management framework.
- At least 3 years of experience working with audit and information security related regulators. Demonstrated business understanding of related processes, IT/IS risks and approaches to mitigate them with well-designed, commercially sound controls.
- The ideal candidate will also show a solid understanding of IT risk management regulations, standards, and frameworks, including COBIT, ITIL and the FFIEC Handbook, and exhibit good knowledge of information security threats, controls, standards, and frameworks including NIST, ISO 27k, CIS Top 20, etc.
- Operational risk assessment skills across the 3 lines of defense and the ability to develop and maintain good relationships with stakeholders.
- One or more of CISA, CISSP, CISM, or equivalent certification is preferred but not required.