Key Responsibilities
1. Policy, Procedures, and SOP (30%):
- Ensure all D&T policies, procedures, and SOPs are up-to-date
- Review and approve changes to PnP/SOP
- Collaborate with teams for approval processes
2. Compliance (20%):
- Perform gap analysis for new or revised Circulars/Laws impacting D&T
- Submit regular reports to SBV
- Oversee compliance requirements
3. IT Risk Management (20%):
- Conduct annual risk & control self-assessment (RCSA)
- Manage Control Issue Management (CIM)
- Monitor Key Risk Indicators (KRI)
- Perform Control Effectiveness Testing (CET)
- Maintain Loss Event Database (LED)
- Assess and validate controls implemented by first line of defense
- Provide assurance to CTO on risk profile
4. Security Administration (10%):
- Manage user access rights
- Oversee SCCA, vendor access, certificates
5. Third Party Management (10%):
- Manage outsourcing and vendor relationships
- Ensure ITDD completion for new vendors
- Oversee NDA and procurement processes
6. Other Governance Activities (10%):
- Cost management
- Support for group audits
- Monitor and report on technology governance metrics
Additionally, oversee security tasks including:
- VAPT monitoring and resolution
- Cyber incident response
- Cyber drills
- Certificate management
- User access management
- Data classification and labeling
Oversee key topics such as firewall management, incident management, SLA management, API management, release management, and software on-boarding.
Job Specification
Bachelor’s degree in Computer Science, Management/Business Information Systems or a related technical field. A Master’s degree is a big plus.
Certification such as CISA/CISM is a plus.
Minimum 5 years of working experience in IT Risk Advisory/IT Audit at Big 4 professional services firms (PwC, Deloitte, KPMG or E&Y) is a plus.
Experience in a similar position at a bank or financial services company.
Technical/Functional skills
Advanced skills in ITIL, COBIT, MS Office, and Data Presentation.
Familiar with regulatory guidelines such as SBV’s Circulars 18, 35 and 47.
Seasoned understanding of risk management principles and practices
Knowledge and experience in implementing Operational Risk and Compliance frameworks
Extensive experience in IT and banking, with focus on assurance and IT process, risk management
Knowledge of information security controls, guidelines and standards (ISO, CIS, NIST, OWASP) is a plus.
Delivers Result
Builds Relationships
Exercises Sound Judgment
Inquisitive approach and attention to detail
Strong command of English.
With operations that span 15 different markets across the region, the opportunity to expand your experience, test your capabilities, and exhibit your resilience is ample. #teamCIMB is always keen to welcome the ones who are ready to make that very special difference – for themselves and the bank.