Vice President, Technology Risk

Menara Affin, TRX, Malaysia

Create your future with Affin! You too can make a difference.

Join us at AFFIN, where open minds meet, and be inspired by a shared commitment to great work. Here, you don’t just stay at the forefront of the industry – you can make a difference too.

JOB PURPOSE

Establish and maintain governance and oversight of the effectiveness of technology risk management for Affin Group. This function will be responsible for maintaining a strong technology risk management culture, formulating/reviewing the technology risk appetite, tolerances and thresholds that align with the banking group’s risk appetite, and for establishing/maintaining a program to identify, assess, measure, monitor, control and report on significant technology risks.

RESPONSIBILITIES

  • Prepare and execute third-party cyber risk assessments, cloud risk assessments, project risk assessments and due diligence activities.

  • Maintain and update the third-party risk inventory and project risk inventory, and ensure accurate documentation.

  • Review and assess vendor security documentation, including SOC reports, ISO certifications, penetration test reports, and security questionnaires. 

  • Monitor ongoing vendor risk through periodic reviews, assessments, and threat intelligence. 

  • Track and report risk remediation plans for third-party gaps and exceptions. 

  • Identify, prepare and review technology and cyber risk metrics pertaining to third-party and project risk.

  • Perform risk analytics on data from internal and external sources to form leading and lagging risk indicators that identify emerging third-party risks before they surface.

  • Support the development and maintenance of third-party risk management (TPRM) and project risk frameworks, policies, and procedures.

  • Assist in the design and delivery of training and awareness programs related to third-party cyber, project risk and technology risk.

  • Stay current with emerging risks, threats, and regulatory changes impacting third-party cyber risk and project risk.

  • Provide advice, guidance, and recommendations on aspects related to technology risks, particularly in information security and controls, and ensure compliance with internal IT policies & procedures, as well as regulatory guidelines.

  • Conduct an independent assessment review to identify, assess, and evaluate project management issues and best practices, as well as strategies to reduce, mitigate, or transfer IT and cyber risks for identified project risks.

  • Support senior management, including the CISO and GCRO, in overseeing the effective implementation of technology risk management at the entity level.

JOB REQUIREMENTS

  • Degree in IT, IS or Computing and/or other relevant domains. 

  • Minimum of 5 years in IT risk management, cyber risk management, project risk management, third-party risk management.

  • Professional certifications such as PMP, PMI-ACP, CEH, CRISC, and CISSP are added advantages.

  • Possess good knowledge and experience of information security and information technology risk management, and solid experience in undertaking technical security assessments of technology-related solutions.

  • Familiar with Bank Negara Malaysia regulatory requirements related to Technology Risk.

  • Strong analytical, influencing and problem resolution skills. Ability to work independently with minimum supervision. 

  • Ability to work and collaborate with people across seniority and cultures.


Tags: Analytics Banking CEH CISO CISSP Cloud Compliance CRISC Governance Risk assessment Risk management Security assessment SOC Threat intelligence

Region: Asia/Pacific
Country: Malaysia
