Expert, Technology Risk Management

JOB PURPOSE
1. Develop and maintain technology risk management framework, policies, procedures, guidelines
- Develop principles and methodologies for technology risk management, establishing technology risk limit, key risk indicators ... according to international practices, legal regulations, and internal governance requirements
- Standardize risk management activities including identifying, assessing, responding and monitoring technology and information security risks following industry best practice and international standards (NIST, ISO, COBIT ...)
- Develop technology & information security threat/ vulnerability/ scenario/ control catalogs
- Consult relevant units to develop BCP/DRP in bankwide level.
2. Develop technology risk management capabilities and improve bankwide technology & information security risk awareness and culture
3. Develop strategies, roadmap and action plans for TDRM
KEY ACCOUNTABILITIES
1. Establish and maintain the technology risk management framework
- Develop technology risk management framework, methodologies, regulations, policies, standards, procedures, guidelines.
- Enhance risk taxonomies, governance policies and operating models collaborating with ORM based on investigation findings to enhance robustness of existing risk mechanism
- Establish and allocate technology risk limits, key risk indicators (KORI) according to international practices, legal regulations, and internal governance requirements
- Periodic review & update technology risk strategies/ roadmap/ action plans, technology risk management framework"
2. Assess technology risks, consult to develop mitigation solutions and monitor
- Review and approve technology risks in technology strategy, technology platforms, technology and business processes under the authority as prescribed
- Consult to develop solutions and methods to effectively mitigate and manage technology risk based on technology risk management framework, ensuring comprehensive risk management implementation
- Technical control assurance based on internal policies, government law and regulations, international security standards
- Independent investigate cybersecurity/ technology risk events or digital platform risks; analyzing root causes, proposing solutions/actions to mitigate and manage risks"
3. Develop technology risk management capabilities, improve bankwide technology risk awareness and culture
- Research on emering technologies appying in banking operations to provide subject matter advices in managing emerging risks
- Build & implement technology risk management capabilities (i.e. competencies standard, training, upskilling, coaching and communication) to enhance bank's capability in managing technology risks in bankwide level
- Support other units to conduct training and communication to improve bank-wide technology risks awareness and culture"