Operational Risk Management Role - Technology & Cyber Security - BFS

Job Description :

- Partner, support and liaise closely with the Operational Risk Management team to implement all key operational risk components/ programs applicable to different business functions. The operational risk components include Information Security, Business Continuity, Records Management, Vendor Management, Regulatory Compliance and Control Validation etc.

- Responsible for carrying out security assessments and Vulnerability Management.

- Work Closely with IT department on corporate technology development to fully secure information, computer, network and processing systems.

- Performing regular review of activities performed by Information Technology and Security teams

- Review of Policies and Procedures

- Ability to perform Risk Control Self Assessment (RCSA) for Technology & Information Security Units

- Ability to perform Root Cause Analysis for Technology & Cyber security related processes

- Defining & Assessing Key Performance Indicators (KPI) & Key Risk Indicators (KRI) Metrics for Technology and Cyber security related processes

- Responsible for Third Party Assessment review of vendor and partners

- Responsible for in house Data center assessments

- Ability to perform assessment of IT Application & General Controls (ITAC & ITGC) for Technology & Information security related

- Develop and maintain periodic risk reporting to stakeholders for effective tracking and reporting of risk items and issues across business functions.

- Review of Business Impact Analysis (BIA) for process and technology

- Maintain and update inventory of processes, risks and controls for business functions, perform periodic risk and control self-assessment of these processes

- Reviewing security products.

- Conducting in house Data center assessments.

Essential competencies :

- Relevant professional experience of SOC operations

- Understanding of Vulnerability Management and Penetration Testing Tools Understanding of Cyber Incident Response / Cyber Threat Intelligence / Cyber security issue

- Resolve problems independently and understand escalation procedure

- Relevant professional experience including working knowledge or high level awareness of Network and Security Devices

- Communicate effectively with customers, teammates, and management

- Staying up-to-date with emerging security threats including applicable regulatory security requirements

- Understanding of Payment card industry / Application standards

- Understanding of Cloud Technology