Expert, Technology Risk Management

A. JOB PURPOSE1. Develop and maintain technology risk management framework, policies, procedures, guidelines - Develop principles and methodologies for technology risk management, establishing technology risk limit, key risk indicators ... according to international practices, legal regulations, and internal governance requirements- Standardize risk management activities including identifying, assessing, responding and monitoring technology and information security risks following industry best practice and international standards (NIST, ISO, COBIT ...)- Develop technology & information security threat/ vulnerability/ scenario/ control catalogs- Consult relevant units to develop BCP/DRP in bankwide level.
2. Develop technology risk management capabilities and improve bankwide technology & information security risk awareness and culture
B. KEY ACCOUNTABILITIES1. Establish and maintain the technology risk management frameworkProvide subject matter advices and develop technology risk management framework, methodologies, regulations, policies, standards, procedures, guidelines.Enhance risk taxonomies, governance policies and operating models collaborating with ORM based on investigation findings to enhance robustness of existing risk mechanismEstablish and allocate technology risk limits, key risk indicators (KORI) according to international practices, legal regulations, and internal governance requirements
2. Assess technology risks, consult to develop mitigation solutions and monitorReview and approve technology risks in technology platforms, technology and business processes under the authority as prescribedConsult to develop solutions and methods to effectively mitigate and manage technology risk based on technology risk management framework, ensuring comprehensive risk management implementationTechnical control assurance based on internal policies, government law and regulations, international security standardsIndependent investigate cybersecurity/ technology risk events or digital platform risks; analyzing root causes, proposing solutions/actions to mitigate and manage risks
3. Develop technology risk management capabilities, improve bankwide technology risk awareness and cultureResearch on emering technologies appying in banking operations to provide subject matter advices in managing emerging risksBuild & implement technology risk management capabilities (i.e. competencies standard, training, upskilling, coaching and communication) to enhance bank's capability in managing technology risks in bankwide levelSupport other units to conduct training and communication to improve bank-wide technology risks awareness and culture
C. REQUIREMENTSExperienceAt least 8 years of relevant work experience in IT field, including at least 3 years of IT risk management (1st or 2nd line of defence) experienceHave experience in developing IT risk governance & management framework, risk management policies, procedures and guidelines.Have experience in IT infrastructure operation/ IT Architecture/ Cybersecurity operation/ DevSecOps/ Cloud ComputingHave experience in IT Audit, IT compliance & assuranceHave experience in developing IT risk management capabilities to enhance bank's capability in managing technology risksExpertiseExtensive knowledge IT & cybersecurity risk management framework (COBIT, ITIL, ISO, NIST ...), internal information security laws & regulations (Circular 09/2020-NHNN, Circular 50/2024-NHNN, Cybersecurity Law, Personal Data Protection Law ...), and international information security standards (SWIFT CSP, PCI DSS, CIS ...)Deep knowledge in at least 1 of the following areas: IT infrastructure operation/ IT Architecture/ Cybersecurity operation/ DevSecOps/ Cloud computingGood knowledge of emerging technologies such as GenAI, Blockchain, Quantium technology, etc.QualificationsHaving a university degree or higher on Information Technology, Information System, Computer Science, Electronics & Telecommunications, Information Security or equivalent...English: TOEIC 550 or equivalentProfessional certifications in IT Risk, IT Security: CISA/CISSP/CRISC/CISM/COBIT/ITIL ...