Senior Officer Technology Risk Management

JOB PURPOSE 1. Develop and maintain technology risk management framework, policies, procedures, guidelines- Develop principles and methodologies for technology risk management, establishing technology risk limit, key risk indicators ... according to international practices, legal regulations, and internal governance requirements- Standardize risk management activities including identifying, assessing, responding and monitoring technology and information security risks following industry best practice and international standards (NIST, ISO, COBIT ...)- Develop technology & information security threat/ vulnerability/ scenario/ control catalogs- Consult relevant units to develop BCP/DRP in bankwide level.2. Develop technology risk management capabilities and improve bankwide technology & information security risk awareness and cultureKEY ACCOUNTABILITIES1. Establish and maintain the technology risk management framework- Develop technology risk management framework, methodologies, regulations, policies, standards, procedures, guidelines.- Enhance risk taxonomies, governance policies and operating models collaborating with ORM based on investigation findings to enhance robustness of existing risk mechanism- Establish and allocate technology risk limits, key risk indicators (KORI) according to international practices, legal regulations, and internal governance requirements" 2. Assess technology risks, consult to develop mitigation solutions and monitor- Review and approve technology risks in technology platforms, technology and business processes under the authority as prescribed- Consult to develop solutions and methods to effectively mitigate and manage technology risk based on technology risk management framework, ensuring comprehensive risk management implementation-Technical control assurance based on internal policies, government law and regulations, international security standards- Independent investigate cybersecurity/ technology risk events or digital platform risks; analyzing root causes, proposing solutions/actions to mitigate and manage risks" 3. Develop technology risk management capabilities, improve bankwide technology risk awareness and culture- Research on emering technologies appying in banking operations to provide subject matter advices in managing emerging risks- Build & implement technology risk management capabilities (i.e. competencies standard, training, upskilling, coaching and communication) to enhance bank’s capability in managing technology risks in bankwide level- Support other units to conduct training and communication to improve bank-wide technology risks awareness and culture