jobs in Bank Negara Malaysia

Bank Negara Malaysia Hiring! Full Time Manager, Risk Reporting, Risk Management in - Ricebowl

Manager, Risk Reporting, Risk Management

Undisclosed

KL City

Share
Save

Working Location

  • Kuala Lumpur Malaysia

Job Description

Responsibilities

ROLE PURPOSE

Responsible for managing the Bank’s technology and cyber risk oversight, with a strong focus on ensuring that all reported technology and cyber incidents are independently reviewed, properly assessed, tracked to completion and escalated where required. The role is also responsible for planning and conducting technology risk assessments, strengthening technology risk frameworks, policies, methodologies, processes and tools, and providing independent advisory, challenge and assurance on technology, cyber, information security, third-party technology, data and operational resilience risks.


PRINCIPAL ACCOUNTABILITIES

Technology and cyber incident oversight: Ensure all reported technology and cyber incidents are reviewed, assessed, escalated, tracked and closed appropriately.

  • Review incident submissions for completeness, assess business and risk impact, validate root cause and remediation adequacy, monitor ageing and overdue actions, and escalate material or recurring issues to management and relevant risk committees.
  • Maintain clear oversight of the full incident lifecycle from reporting, assessment and escalation to remediation follow-up and closure, ensuring that incidents are not treated as closed until required actions and control improvements are sufficiently addressed.


Risk governance, framework and policies: Develop, maintain and ensure effective implementation of risk frameworks and policies.

  • Develop and refine the Bank’s risk appetite and tolerance statement (as and when required) and ensure continuous monitoring to detect any breach and escalate to management.
  • Liaise and maintain networking with other organizations, locally and internationally, and conduct continuous benchmarking or research to keep abreast with the latest risk management practices/standards and regulatory policies.
  • Develop, maintain and enhance the Bank’s technology risk management framework, policies and methodologies, including requirements relating to cyber risk, information security, IT governance, system resilience, data protection, cloud adoption and third-party technology risk.
  • Provide independent oversight and challenge on technology-related risk assessments, control design, remediation plans, risk acceptances, technology change initiatives, outsourcing arrangements and material technology incidents.


Risk culture and outreach: Promote the development of risk knowledge among staff to build a strong risk management culture.

  • Raise awareness on importance of risk management among Bank staff and develop financial risk management capabilities amongst departmental risk officers (DRO).
  • Promote technology risk awareness among Bank staff and departmental risk officers, including understanding of key cyber threats, technology control expectations, incident escalation, third-party technology risk and secure use of systems and data.


Risk tools and processes: Develop, maintain and ensure effective implementation of tools and processes.


Risk analysis and advisory: Provide an independent technical and advisory view of related risks, from an enterprise perspective with the objective of adding value, strengthening, and improving the Bank’s operations through risk mitigation proposals to various risk committees in a timely and effective manner.


Provide tactical and strategic leadership to team members through mentoring staff to meet their corporate and personal goals.


QUALIFICATIONS

Academic Qualifications:

  • Degree in Information Technology, Economics, Accounting, Finance, Mathematics, Statistics, Law, Engineering, Business Studies etc.
  • Post-graduate degree or professional certification in Technology Risk, Information Security, Cybersecurity, IT Audit or Risk Management is an added advantage.


Experience:

  • Preferably minimum four years industry experience in technology or cyber incident review, incident lifecycle management, remediation tracking, technology risk management, information security, cybersecurity, IT audit, IT governance, technology operations, cloud, third-party technology risk or related risk and control functions.
  • A Malaysian citizen.


ONLY SHORTLISTED CANDIDATES WILL BE NOTIFIED


Important Information

Never provide your bank or credit card details when applying for jobs. Do not transfer any money or complete unrelated online surveys. If you see something suspicious, Report this Job ad.

Learn More