Manager, Technology Risk VN

Technology Risk:

The first role of the job holder is to effectively manage Technology risk in the second line of defense. The Manager shall oversee all Technology related rules, regulations, issuances, and standards and ensure that CIMB Bank Vietnam is compliant. The incumbent shall assess and manage threats/risk, IT & Cyber Security Risk, Technology Resilience, 3rd Party Risk and Assurance, Reporting & Analytics.

The incumbent shall work closely with the related business units (especially the IT and Digital Development team), Group Technology Risk and local regulators where applicable as part of the incumbent’s accountability to assist the Head of Risk in managing CIMB Bank Vietnam’s Technology risk.

Business Continuity Planning:

The second role is to manage Business Continuity Management and Sustainability under the guidance of the Head of Risk.

Key Responsibilities:

The Key Responsibilities of the Technology Risk Role are as follows:

Common roles and responsibility

• Manage the Technology Risk Management Framework (TRMF) and Policy (TRMP) to align with the changing regulatory landscape and identified areas for control improvements
• Define and manage the TRAS and KRIs to drive actions to meet the approved thresholds and manage associated risks
• Execute the ORM validation requirements for RCSA, CET, LED, CIMs, KRIs for technology related maters
• Assess/validate the Product Approval submissions involving technology implementations and changes prior to notifying regulators
• Review Technology Risk assessments related to Project Implementations
• Drive awareness of technology risks & adoption of the TRMF, TRMP, Technology Risk Appetite Statement (TRAS), & Key Risk Indicators (KRI)

IT & Cyber Security Risk

• Second line of defense oversight on effectiveness of controls to manage IT & Cyber Security Risks across the organization
• Identify emerging risks & threats, engaging with IT Security and observation of external events
• Lead & orchestrate annual Red Teaming and Cyber Drills
• Progressively elevate Cyber Risk Maturity posture of the organization

Technology Resilience

• Second line of defense oversight on effectiveness of controls to manage Technology Resiliency Risks
• Review/Endorse External Independent Assessment reports on Resiliency
• Review operational thresholds for improvement and standardization opportunities
• Perform deep-dive assessments where necessary, driven events

Third Party Risk

• Conduct assurance on 3rd Party IT Due Diligence for onboarding and periodic reviews and engage with GTRM SMEs where required
• Monitor events related to 3rd Parties in the public domain and trigger ad-hoc assessments, where necessary, in collaboration with Group Outsourcing Governance (GOG) and Service Owners
• Engage 3rd Party Governance policy owner for P&P improvements

Assurance, Reporting & Analytics

• Lead the development of annual Independent Risk Assessment through the identification of risk themes and reporting
• Lead the collation of group data and preparation of monthly TRAS & KRI performance metrics & insights for Technology Risk reports
Coordinate the ORM validation activities within GTRM and any ad-hoc demands

The Key Responsibilities of the Business Continuity Management are as follows:

Job Specification

• Relevant degree or equivalent from a recognized University.
• Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or Certified Information Systems Security Professional (CISSP) are preferred.
• ITIL, ISO27001, and COBIT Certification are preferred.
• Science & Statistics are an advantage
• With at least 10 years of working experience in a technology risk function, preferably at the managerial level.
• With significant experience gained in the banking sector and preferably focus in information security, data privacy, risk management, legal, audit, operations, etc.
• Experience with Operational Risk framework, Business Continuity Management is a bonus