Managing delivery of Cyber Risk Management services within TICR and ensuring the Cyber Risk Management team delivers against its objectives.
Managing & improving working relationships with key stakeholders in delivering risk management services within and outside the bank, including IT Security, BCM, IT Heads and Operational Risk Partners.
Continuous improvement of processes within Cyber Risk Management services to achieve better efficiency and effectiveness.
Effective management of Cyber Risk Management Team to ensure efficient utilization of resources, development of staff capabilities, and timely completion of agreed deliverables to stakeholders.
Support the manager in improving overall TICR practices & engagements.
Establish and maintain the framework, policies, procedures and guidelines relating to Cyber Risk Management.
Define, review and implement cyber risk monitoring dashboards of metrics, trends and analytics.
Partner with ORPs, IT Security, Entity-level TICR teams and external organizations in monitoring newsworthy cyber threats and incidents, assess if threats are relevant to the Group, whether existing controls are adequate, and report to relevant Risk Management Committees.
Establish and conduct a Working Group focusing on discussions of cyber risk and resilience incident reviews, proposals to embark on new initiatives, and progress and outcome reporting of cyber risk mitigation initiatives.
Develop & execute initiatives arising from discussions at the relevant Risk Management Committees and Working Groups, or from the manager.
Develop & execute an annual social engineering testing program, and advise Entity-level TICR teams on their respective testing programs.
Prepare regular and as-needed cyber risk and resilience reports to present cyber risk profiles. This includes consolidating submissions of Entity-level TICR reports and reports from 1st Line-of-Defense teams.
Participate in industry working groups and contribute to overall improvement of the cyber risk & resilience posture of the industry.
Degree in Computer Science or equivalent
Possess relevant industry qualifications, e.g. CISM, CRISC, PMP, CISA, CISSP
More than 10 years of relevant IT experience, of which more than 7 years are in technology risk & information security, or IT audit. Relevant IT experience includes managing large-scale IT projects, application development & maintenance, production support, and/or infrastructure management
Experienced in executing risk assessments, risk reduction initiatives, and assessments of the effectiveness of controls
In-depth knowledge and experience with industry cyber risk & security management frameworks, e.g. the NIST Framework for Improving Critical Infrastructure Cybersecurity
Knowledge and experience with legal and regulatory requirements pertaining to cyber risk & security
Strong influencing and stakeholder management skills