Review and monitor the implementation of Risk Management and Risk Management tools (such as RGM, PRC, KCSA, ORA, KRI, implementation of RCM, etc.) carried out by the first line of defense at the Information Technology Working Unit, and ensure that the implementation of Risk Management is in accordance with the provisions in force at the Bank.
Conduct reviews on an ad hoc and/or periodic basis to ensure the adequacy and effectiveness of the implementation of controls related to the risk management process in the use of Information Technology, especially those related to the implementation of risk management tools and during the occurrence of an Information Technology incident. Continuously monitor and follow up on the corrective action plans that have been defined by the working unit to mitigate the problems that occur.
Provide the necessary advice and recommendations to the related working units in the Bank regarding the implementation of the necessary controls in connection with the use of Information Technology-based solutions, including but not limited to plans to use new technologies, plans to develop products using information technology, and so on.
Actively cooperate and coordinate with Business Risk from the Information Technology work unit (IT Risk Management) in fulfilling regulator requests related to inspection or audit processes and compliance with applicable laws and regulations, as well as those related to the process of submitting reports or communications to regulators.
Review the provisions (Policies, Procedures, Technical Instructions) issued by the Information Technology Work Unit, both new provisions and the results of regular reviews and updates, to ensure the adequacy of the controls set forth in those provisions and their conformity with other higher-level provisions.
Prepare and submit Information Technology Risk Management reports to management and other interested parties on a periodic basis and when needed.
Qualifications:
Bachelor's degree in Information Technology, Computer Science and/or Computer Engineering.
A minimum of 5 years hands-on banking experience
Experienced in the implementation and application of governance and risk management related to Information Technology
Strong knowledge of the application of Information Technology Risk Management and/or Information Technology Governance, especially in the banking or financial industry.
An understanding of regulations and best practices related to the application of Information Technology controls and risk management; certification in the application of Information Technology controls, such as CRISC, IT Risk Management, etc., will be an added value.
Strong analytical thinking and decision making, with good oral and written communication skills.