JOB PURPOSE
This role is responsible for adding value to strategic and operational decision making by assessing and identifying technology, cyber, digital, data and emerging risks that may impact the achievement of the Group’s objectives. The role focuses on evaluating risk return implications, threats, opportunities and trade-offs, particularly in strengthening risk governance, technology resilience and cyber security posture.
JOB RESPONSIBILITIES
- Lead and perform technology, cyber security, digital, and data risk assessments covering applications, infrastructure, cloud environments, and technology initiatives to ensure adequacy and effectiveness of controls
- Perform vulnerability assessments and risk analysis to proactively identify potential threats and recommend improvements to strengthen existing controls and practices
- Perform risk assessments on vendors, outsourcing service providers & partners
- Assess technology risks relating to digital ecosystems, fintech partnerships and platform integrations
- Evaluate risks relating to emerging technologies and provide recommendations to management on risk mitigation strategies
- Develop and monitor technology and cyber key risk indicators (KRIs) to track priority risk areas
- Monitor execution of risk mitigation plans arising from risk assessments, incidents and risk reviews
- Ensure risk action plans are effectively implemented and validated
- Develop risk dashboard and reporting to provide visibility of technology and cyber risk posture
- Prepare risk reports, analysis and presentations for Senior Management and relevant committees
- Support the development and enhancement of technology risk management frameworks, methodologies and governance processes
- Work closely with business and technology teams to facilitate risk assessments and improve risk management practices
- Translate complex technology and cyber risks into business impacts for management understanding
- Provide practical risk advisory to business leaders and management to support risk informed decision making
- Partner with business units to raise awareness of technology and cyber risk management
- Drive risk awareness initiatives including Priority Risk Workshops and risk management training
- Drive cyber drill initiatives
- Support execution of the annual Technology Risk and Security workplan
- Continuously enhance risk tools, dashboards, and reporting capabilities
- Provide guidance and knowledge sharing to team members
- Support integration of ESG risk considerations into risk management practices
- Participate in Group risk initiatives, transformation programs and governance improvements
- Support stress testing and scenario analysis relating to technology disruption and cyber risk events
- Provide inputs into capital modelling exercises where technology risks may have financial implications
- Support development of risk profile to ensure technology risks are appropriately reflected
- Support Group Risk Management initiatives and cross entity projects
- Perform ad-hoc assignments and special projects as assigned by superior
JOB REQUIREMENT
- Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, IT Risk Management, or related discipline
- Any IT risk related certification such as CISSP, CISM, CEH, CRISC; or Business Continuity Management certification; or Business process improvement certification; or Project management related certification.
- More than 6 years of working experience in (re)insurance and (re)takaful ICT/IT Risk
- Experience in compliance frameworks (e.g. SOC 1, SOC 2), information security frameworks (e.g. ISO 27001, NIST, CIS) and regulatory compliance (e.g. AML/KYC, BNM RMiT).
- Fundamental Competencies: Knowledge of (re)insurance / (re)takaful business & knowledge of financial institutions’ regulations and shariah requirements