Head - Information Technology Risk & Compliance - BFS

Head Information Technology Risk & Compliance

Job Purpose :

IT Risk Management is an important 2nd line of defense and integral part of the overall corporate risk management. The incumbent owns the IT Risk Management practice in the Bank, reviews the IT processes to identify, assess, and mitigate risks within the IT environment and highlight the risks and actions to senior management.

Job Responsibilities(JR) Actionable :

- Leadership - Build & Lead a team of motivated IT risk managers to implement bank-wide information technology risk strategies.

- A team that is appropriate for the role and abreast with knowledge and know-how to conduct the role

- Serves as a role model and sets high standards of ethical behaviour and integrity for the team to follow

- Governance and Policy - Own the policies and procedures for development of effective risk management framework integrated into the system development life cycle and promote an effective technology risk culture to enforce and communicate technology risk policies, procedures and guidelines

- Risk identification, measurement and control - Conduct independent review and lend risk opinion on the areas covered under the Bank's corpus of IT operational policies and processes.

- Conduct risk review of IT Architecture covering risk assessment of IT strategy and business requirements, compatibility of new applications, highlight gaps in pre-implementation, obsolescence of technology and emerging technologies.

- Develop framework to manage and highlight risks pertaining to technology partners and highlighting any major deviations/ risks. Undertake periodic IT risk assessment of technology partners.

- Conduct risk identification, assessment and drive mitigation. Review the appropriateness of controls related to IT infrastructure. Assess opportunities for revising/enhancing the risk assessment methodologies

- Develop comprehensive on-going technology risk assessment, and identify trends using advanced understanding of technology risk metrics (KRI) to measure control effectiveness

- Risk monitoring and reporting - Responsible for articulating areas of concern and risk trends to the senior management committees

- On-going research into best practices, regulatory requirements, consultant literature

- Provide inputs on review of regulatory developments, best practices, market trends, competitors

- Provide inputs/ad-hoc analyses to senior management regarding developments in regulatory frameworks, best practices and research papers coupled with peer bench-marking

- Regulatory requirements - Assist in responding to regulatory indents, queries

- Liaise with internal compliance team

Major Stakeholders :

- Board and Board Committees

- Senior Management (including Managing Director)

- Information Technology Governance

- Information Security Group

- Digital Banking

- Business Teams

- Internal Audit and Compliance

- Regulatory