Head, Operational Risk - Technology Risk Management TH

Responsibilities: 

• Provide leadership for the implementation of and compliance with the ORM framework and IT Risk Management Policy & Procedure to effectively manage technology related risks, enhance technology resiliency and mitigate risks against technology security threats across CIMBT. 
• Champion, socialize and embed the progressive development, definition and role of enterprise-wide Technology Risk to mature the IT Assurance capabilities. 
• Ensure information assets and technologies are adequately protected.
• Provide strategic insight and assurance on technology risk and security matters as well as security risk profile to Head of ORM, Executive and/or Senior Management in alignment with the Group the bank’s strategic and operating priorities. 
• Communicate to Head of ORM, Executive and/or Senior Management on assurance and control oversight related to IT risks. 
• Identify, analyze and assess cybersecurity risks. 
• Define a framework that will provide clear ownership and accountability of IT Services to strengthen the IT Risk management capabilities. 
• Build strong relationship with BOT and Business Units. 
• Continuous improvement of IT risk management capability in alignment with emerging events, industry/market trends and regulatory directives. 
• Work closely with Business Unit Risk Control Officer (RCO )and/or DCORO to ensure IT risks and events identified as part of existing ORM Framework. 
• Actively participate in selection of Services/Systems/Tools used for IT Security Risk Management. 
• Lead and promote an enterprise culture of IT risk awareness and training.
•  

Qualifications: 

• Bachelor's Degree or Professional Qualification in the relevant discipline such as Banking, Finance or Technology. 
• Preference for professional or post graduate qualifications e.g .CISA, CISM, CRISC, CGEIT, CISSP, MBA. 
• Minimum 7-10 years work experience with relevant second or third line experience preferred. 
• Have experience in team management role. 
• An understanding of general risk management, risk drivers and ability to articulate risk to non-risk personnel. 
• In depth knowledge of technology framework, risks and controls. 
• Practical knowledge of cyber security risks and practices. 
• Strong interpersonal skill. 
• Excellent oral and written communication skills in English