Technology Governance & IT Risk:
- Ensure that policies, controls, and solutions are continually monitored and improved in response to regulatory requirements/Group PnP, business opportunities and threats. Oversee compliance to all bank-wide policies & procedures.
- Proactively analyze and identify opportunities to improve technology processes and procedures.
- Conduct ongoing technology risk assessment to estimate potential risks and relevant treatments.
- Lead and actively manage ongoing assurance testing as designed in the technology risk control self-assessment.
- Follow up and monitor that technology operational issues and risks are tracked in the CIMB ops risk system and closed in a timely manner.
- Perform effective testing of key controls over system infrastructure, system security, production change management, etc. to ensure regulatory and policy compliance.
- Review risk assessments undertaken by the First Line of Defense to adhere to the company’s risk controls over Third-Party Service Providers and Partners, including IT due diligence for vendors and partners.
- Support the preparation of management updates on technology risks and compliance for relevant local and group stakeholders.
D&T Compliance & audit support:
- Oversee compliance for all of CIMB Vietnam’s Digital & Technology related projects.
- Conduct gap analysis for any new technology-related and data-related regulatory requirements.
- Enforce implementation of the action plan to ensure compliance with new regulatory requirements.
- Facilitate and support internal/external audit and compliance reviews, identifying risks and driving remediation efforts.
Others:
Assist on any ad-hoc tasks as required by line manager.
Requirement:
Bachelor’s degree in Computer Science, Management/Business Information System/Business.
Certification such as CISA/CISM is a plus.
Experience in
- Technology such as Infrastructure, Security, Application Change
- Project Management
- Technical document writing
- IT Risk Advisory/IT Audit in Big 4 professional service firms (PwC, Deloitte, KPMG or E&Y) is a plus
- Experience in a similar position in banks/financial services companies is a plus.
Technical/Functional skills
- Knowledge of common infrastructure, security principles and application development
- Familiar with ITIL, COBIT, MS Office, and Data Presentation.
- Familiar with regulatory guidelines such as SBV’s Circular 09, Cir 35, Cir 20.
- Seasoned understanding of risk management principles and practices
- Extensive experience in IT and banking, with focus on assurance and IT process, risk management.
- Knowledge of information security controls, guidelines and standards, such as ISO 27001.
Personal skills
- Delivers Results
- Builds Relationships
- Exercises Sound Judgment
- Inquisitive approach and attention to detail
- Problem-solving skills
- Good command of English.