JOB PURPOSE
1. Develop and maintain technology risk management framework, policies, procedures, guidelines
- Develop principles and methodologies for technology risk management, establishing technology risk limits, key risk indicators ... according to international practices, legal regulations, and internal governance requirements
- Standardize risk management activities including identifying, assessing, responding and monitoring technology and information security risks following industry best practice and international standards (NIST, ISO, COBIT ...)
- Develop technology & information security threat/ vulnerability/ scenario/ control catalogs
- Consult with relevant units to develop BCP/DRP at the bank-wide level.
2. Develop technology risk management capabilities and improve bankwide technology & information security risk awareness and culture
3. Develop strategies, roadmap and action plans for TDRM
KEY ACCOUNTABILITIES
Key Accountabilities (1)
Establish and maintain the technology risk management framework
- Develop technology risk management framework, methodologies, regulations, policies, standards, procedures, guidelines.
- Enhance risk taxonomies, governance policies and operating models in collaboration with ORM, based on investigation findings, to improve the robustness of existing risk mechanisms
- Establish and allocate technology risk limits, key risk indicators (KORI) according to international practices, legal regulations, and internal governance requirements
- Periodically review and update technology risk strategies/ roadmap/ action plans and the technology risk management framework
Key Accountabilities (2)
Assess technology risks, consult to develop mitigation solutions and monitor
- Review and approve technology risks in technology strategy, technology platforms, technology and business processes under the authority as prescribed
- Consult to develop solutions and methods to effectively mitigate and manage technology risk based on technology risk management framework, ensuring comprehensive risk management implementation
- Provide technical control assurance based on internal policies, government laws and regulations, and international security standards
- Independently investigate cybersecurity/ technology risk events or digital platform risks; analyze root causes and propose solutions/actions to mitigate and manage risks
Key Accountabilities (3)
Develop technology risk management capabilities, improve bankwide technology risk awareness and culture
- Research emerging technologies applied in banking operations to provide subject-matter advice on managing emerging risks
- Build & implement technology risk management capabilities (i.e. competency standards, training, upskilling, coaching and communication) to enhance the bank's capability in managing technology risks at the bank-wide level
- Support other units in conducting training and communication to improve bank-wide technology risk awareness and culture

