CAIA's Career Center is an easy-to-use, comprehensive resource connecting job seekers with employers in the growing AI field. Use your knowledge and credibility to advance your career or build a talented team for your organization. Opportunities targeted to CAIA Charterholders are prioritized.
In order to search for jobs specifically for CAIA Charterholders or those pursuing the CAIA Charter please enter “CAIA” in the search panel.
This will enable you to search for CAIA specific roles globally.
Regional Technology Risk Manager (Based in Singapore)
Rabobank Hong Kong
January 5, 2020
Key responsibilities of this role will include, but are not limited to the following:
Design, maintain and implement the regional and local IT risk management framework for the Asia region, including control tools & measures.
Develop, maintain and implement a compliance framework to all applicable Asia regulatory requirements.
Ensure essential IT risk policies and regulations are maintained/updated and are communicated and disseminated to the staff of Rabobank Asia Branches on a timely basis.
Perform oversight on the update of Global, Regional Asia and Local IT policies and procedures.
Review the Asia Technology Risk Committee Charter and provide advisory to locations in the Asia Region.
Develop and maintain a system to promote the identification of IT related risks, including incident reporting.
Develop and maintain an updated understanding of the IT regulatory requirements and obligations in the Asia region and monitor the level of compliance to these requirements.
Review risk acceptances and risk treatment plans submitted by business and IT to form an independent opinion on the risks posed to the different parties.
Review and challenge the figures and information reported in the IT risk dashboard submitted by IT for completeness and accuracy.
Advise business and system owners on risk treatment approaches.
Facilitate the IT risk and control self assessment by the relevant IT departments, in order to assess the effectiveness of the control measures and identify new risks.
Encourage timely identification and reporting of significant risks and losses.
Analyse the IT loss incidents reported and advise on remediation.
Maintain a regional and local IT risk dashboards that highlights key IT risks and the changes in the level of the residual risks.
Monitor the status of IT risk acceptances and follow up with the relevant risk owners on pending/overdue items and the status of the action plans.
Maintain an IT risk register that documents IT risks and the implemented controls/actions taken or actions underway to reduce the risks.
Prepare management reports to senior management for decision making from tactical and strategic risk perspective.
Prepare monthly IT Risk Dashboard for submission to the relevant Risk Committees and/or Technology Risk Committees. The report should cover key IT risks (loss/incidents), identifying trends and movements from previous months.
A relevant tertiary qualification
3+ years of experience in Technology Risk Management
8+ years in IT / IT Security / IT Audit
Relevant professional certification is preferred (e.g. CSX, CISA, CISM, CRISC, CGEIT, CISSP, CCSP)
Job Skills & Knowledge: 1. Influencing Skills:
People management skills
Ability to influence outcomes with business and technical teams based on experience in risk analysis, compliance, business banking processes and systems implementation in the Finance or Banking space
Ability to communicate up, down and across hierarchy by providing solid understanding of how IT risks translate to business risks plus a good understanding of banking business models
2. Interpersonal Skills:
Must have excellent written and oral communication skills
Initiative and self-motivation
Ability to work under pressure and manage multiple tasks
Excellent problem solving/analytical skills
Ability to communicate effectively with Senior Management and convey risk issues and implications for complex technical solutions
Ability to build and maintain relationships at all levels plus engagement with stakeholders
Ability to serve as a bridging function between the 1st and 2nd Lines of Defence, to promote cooperation, trust and communication
3. Technical and Specialist Skills:
Strong knowledge of IT infrastructure components including software (Operating System, Application and Database), hardware (Server, Firewall, Switch and Router) and IT Security components
Knowledge of Technology Risk Management practices, fundamentals and frameworks in Asia Region
Knowledge of information security concepts, practices and tools
Understanding Systems development practices, lifecycle management and Systems Testing
Understanding of IT Governance within an organisation including its components, benefits and practices
Experience in handling Asia regulatory (e.g. MAS, HKMA, RBI, CBIRC) requirements and compliance based initiatives including reporting
Knowledge of IT Outsourcing (risks, controls, monitoring), Cloud Computing and related regulatory issues
Experience in assessing residual technology risks related to Business Continuity Planning (BIA, RTO, DRP etc)
Note: Only shortlisted candidates will be notified.