AVP/VP - Technology Risk Manager, Technology & Operations, DBS Vietnam HCMC

Key Responsibilities

This is an individual contributor role and report to Head of IT.

Policy/Standard/Guide enforcement validation: validate the enforcement of technology risk policies, standards, and guidelines, ensuring adherence to both internal frameworks and local Vietnamese regulatory mandates. Manage Technology Risk, Key Risk Indicators (KRIs) and Key Controls Indicators (KCIs): develop and monitor KRIs and KCIs specially tailored to the Vietnamese banking landscape, identifying potential risks and control deficiencies. Collaborate with Legal & Compliance on Technology Regulatory Reporting: actively collaborate with Legal and Compliance team on technology regulatory reporting, ensuring all submissions comply with SBV. Annual risk attestation: perform annual risk attestations, incorporating specific considerations for the Vietnamese regulatory environment. Vendor risk management: oversee vendor risk management processes, with a focus on assessing third-party compliance with Vietnamese data protection and cybersecurity regulations, and their impact on local banking operations. Audit Management: manage internal and external audits related to technology risks, including those initiated by the SBV or other relevant Vietnamese authorities. Annual Risk Control Self-Assessment (RCSA): conduct annual RCSA based on Technology Risk Controls Library, adapting it to reflect unique risks and controls relevant to the Vietnamese banking sector. Risk Assessment and Advisory: provide risk assessment and actionable recommendations to senior management for risk mitigation, ensuring compliance with local regulatory requirements and addressing specific Vietnamese operational contexts such as fintech partnerships and local payment systems. Risk Monitoring and Closure: be responsible for risk monitoring and the closure of risks arising from internal and external reviews/audits, including regulator inspection reviews from the SBV. Stakeholder Engagement: engage and collaborate with technology stakeholders to proactively identify risks at a details and technical level, driving remediation activities to continuously improve IT risk posture in the context of Vietnamese operations. Reporting: prepare and develop technology risk materials for Risk forums, including specific reports on compliance with Vietnamese regulations. Initiative Management: manage technology risk initiatives, prioritizing those that enhance compliance with local regulatory frameworks.

Required Experience

• At least 5-8 years of experience in technology risk management, with significant exposure within banking or financial services industry in Vietnam.
• Demonstrated experience in identifying, assessing and advising on technology risks, specifically within the context of Vietnamese banking operations, including experience with local fintech partnerships or specific regulatory reporting cycles unique to Vietnam.
• Strong and demonstrate knowledge of Vietnamese banking regulations, including those issued by the SBV.
• Excellent organizational, problem solving, interpersonal and operating skills to effectively drive the IT risk agenda with IT functions.
• Strong communication skills at all levels -- able to effectively communicate with IT and senior management, as well as line staff to drive IT risk mitigation initiatives and other IT risk management related areas.
• Proficiency in both written and spoken Vietnamese is required to effectively communicate with local regulators, internal Vietnamese teams, and to manage Vietnamese documentation.
• Experience in driving IT risk management, preferably in a multi-national banking environment.
• Good technical competencies and exposure to IT application or infrastructure development, support and management.

Soft Skills:

• Strong executive communication (for Technology EXCO-level reporting).
• Ability to translate technical risks into business impact, especially concerning regulatory non-compliance in Vietnam.
• Leadership in driving cultural change toward risk awareness.

Education & Certifications:

• Bachelor's/master's in computer science, or related field.
• Certifications (Required): CISA, CISSP, CRISC, CISM, or equivalent. While these global certifications are highly valued, any relevant local Vietnamese certifications or education backgrounds focused on cybersecurity, data privacy, or IT risk management within the Vietnamese context would be a strong advantage.