Key Responsibilities
• Interface with the second and third lines of defense and act as the single point of
contact (working with first line) for all risk, audit and regulatory related matters.
• Collaborate with second line of defense to implement and drive strategic initiatives to
enhance the firm's technology risk management capabilities and awareness, in line
with industry best practices and the firm's standards and regulatory requirements.
• Identify and escalate emerging and upstream technology risks through execution of
the Firm’s risk management framework tools, including risk event management,
reporting, and action plan tracking.
• Provide advice to stakeholders and constituents regarding their IT/security
obligations, facilitating acceptable outcomes.
• Liaise with diverse teams to drive and conduct regulatory and IT compliance
self-assessment programmes, risk awareness training and so on.
• Liaise with diverse teams to perform risk and control self-assessment (RCSA) testing,
gathering and validating KRIs, dealing with incidents, availability management, etc.
• Partner and work with internal stakeholders to review, identify, streamline and
implement process improvements with regard to IT and cyber risk management.
• Manage IT-related audits and regulatory inspections (including regulatory meetings and
requests for information).
• Review audit findings with key stakeholders to determine action plans and verify
remedial solutions for closure.
• Communicate and provide guidance on new IT-related policies and standards to relevant
stakeholders.
• Provide advice on IT and cyber risk management matters as required.
• Prepare ad-hoc and periodic regulatory and management reports.
• Ability to innovate, automate and strategize as required.
Requirements
• At least 7 years of experience in IT Governance or risk management with 3 to 5 years of
relevant experience specifically in IT Governance and/or Risk management.