Techcombank (TCB)

Expert, Digital Risk Management

  • Posted 21 hours ago

Job Description

I. Job Purpose:

1. Develop and maintain risk governance frameworks, policies, and technical solutions to proactively manage digital and technology risks.

2. Develop, propose, implement and monitor TDRM programs and the respective mitigation controls to manage technology and digital risks within risk limits.

3. Develop TDRM capabilities and improve bankwide TDRM awareness and culture.

Key Accountabilities

Policy and Framework Development

- Develop, review, maintain and enhance governance policies, standards, regulations and guidelines related to technology risk, cybersecurity, data protection, and digital operations.

- Align internal policies with regulatory requirements (e.g. Data Protection Law, Cashless payment services, Electronic transaction Law, Prescribing security and confidentiality in provision of online banking services...) and industry best practices.

- Lead the governance process for policy approval, dissemination, and compliance monitoring across business and IT units.

- Ensure alignment with regulatory requirements and business objectives while embedding risk prevention into digital platforms and transformation initiatives.

Mitigation controls and Prevention Strategy & Solution Design

- Collaborate with business partners, solution architecture, IT, and security teams, and ORME1, to embed risk mitigations into solution design, platforms, and digital transformation projects.

- Evaluate technology strategy, business processes, customer journey design, and governance and compliance, together with the effectiveness of control implementation, and propose tools and solutions that align with the organization's risk appetite and threat landscape.

- Establish and define Key Risk Indicators (KRIs) and performance measures to track policy adoption, control effectiveness, and residual risk levels.

- Manage internal and external audit engagements related to technology and cyber risks; oversee timely closure of audit findings.

- Identify data collection requirements for TDRM data, and prepare executive dashboards, reports, and insights to inform risk committees and senior leadership.

- Drive continuous improvement by analyzing incidents and near-misses, benchmarking against industry peers and integrating feedback loops into policy and solution lifecycles.

Risk Awareness

- Promote a strong risk culture through training, coaching, and continuous knowledge-sharing initiatives for TDRM members and bank-wide technology and digital awareness.

- Provide expert guidance on policy implications, solution design risks, and strategic responses to regulatory or emerging risk trends.

- Serve as a subject matter expert (SME) to influence decision-making and drive a culture of risk-aware behavior across the organization.

II. Qualifications and Work Experience

1. Experience

- At least 05 years of relevant work experience in the banking system, i.e. risk advisory, legal, audit or corporate governance in a leading bank or financial institution

- At least 02 years of working experience in Operational risk management, Digital risk or Business/Product owner, Technology risk, IT compliance, or Cybersecurity operations

- Have experience in developing and executing policies and governance frameworks for cybersecurity or digital risk (e.g., data privacy, access control, incident response, compliance and continuous monitoring...), and in designing programs to foster a risk-aware culture among employees and leadership.

- Have implementation experience in tracking KRIs and KPIs, measuring risk posture, Business Continuity & Disaster Recovery, and Crisis Management.

2. Expertise

- Good knowledge of operational risk management framework, risk governance & compliance, risk management capabilities, fraud risk management.

- Extensive knowledge of the banking information system landscape and banking business operations, and of emerging technologies including GenAI, Blockchain, Quantum technology.

- Good expertise in identifying, assessing, and prioritizing risks across digital systems, platforms, digital journeys and business operations.

- Capable of using analytics and risk metrics to inform policy changes and measure effectiveness.

- Able to align security policies and technical solutions with business goals and risk appetite in an innovative style.

- Good knowledge of international information security standards (ARM, PRM, CFA, ISO 31000, PCI DSS ...), and online banking service laws & regulations (Data Protection Law, Cashless payment services - Circular 15/2024/TT-NHNN, Electronic Transaction Law - 20/2023/QH15, Cybersecurity Law, Prescribing security and confidentiality in provision of online banking services - Circular 50/2024/TT-NHNN...)

3. Qualifications

- Bachelor's or Master's degree in banking and finance, economics, risk management, law, accounting and audit

- English: TOEIC 550 or equivalent

- Professional certification in ARM, PRM, CRISC/CISA, ISO 31000

4. Advantages:

- Deep knowledge of IT risk management framework, information security, information systems, IT Audit, IT compliance assessment ...

- Working experience at leading banks or financial institutions/ecosystems

Job ID: 147382935
