Overview of the Role:
The IT Risk Manager sits on the 2nd Line of Defense who will fulfill the requirements and all regulatory requirements related to IT Risk Management. The IT Risk Manager will protect the company's assets and information by implementing the Group Technology Risk Framework and aligning the requirements on Information Technology Risk Management, Electronic Payments, Electronic Banking Services, and Digital Banking with the needs of the business and operations of the company in coordination with the 1st Line of Defense.
The IT Risk Manager is based in Taguig City, Philippines, and shall report under the Chief Risk Officer, based in the Philippines.
Key Accountabilities:
Provide timely and regular reports and advice to the CRO on IT Risk Management agenda.
Implement the Group Technology Risk Management framework and the IT Risk Management Procedure.
Recommend local policies and procedures that are aligned with GTRM Policy and Operational Risk Management, IT Risk Management, Electronic Payments, Electronic Banking Services, and Digital Banking.
Assess and monitor the active performance of the 1st Line of Defense of a system of IT general and application controls to manage the confidentiality and integrity of information and the continued availability and reliability of IT infrastructure during normal and stress conditions.
Assess and monitor the ope-rationalization of IT controls within the 1st Line of Defense and provide guidance on the identification and rectification of control weaknesses.
Lead the business continuity planning and testing and coordinate activities with the IT department and the concerned operational units.
Conduct an independent risk assessment of all IT domains for determining the acceptable level of stability, availability, performance, recoverability, and resilience from cyber crimes and fraud.
Perform reviews and regular risk assessments of third parties partners, vendors, and outsourced service providers for Risk Department’s endorsement for on-boarding, and endorsement of annual performance, and to identify control issues related to information security, data privacy, and cyber resilience.0
Conduct pre-implementation and post-implementation reviews of major IT projects in coordination with the 1st line of defense IT to ensure that controls are in place and operating effectively, service-levels are met, and business continuity issues are avoided or addressed beforehand by the 1st line of defense.
Coordinate with the Information Security Officer on the vulnerability assessment and penetration tests and monitor the resolutions of the recommended actions.
Research on the latest threats and vulnerabilities and, where appropriate, advice the Head of Information Technology, through the CRO, on the mitigation and remediation of IT related risks.
Participate on the investigation of any technology and information security violations by providing post-mortem analysis to illuminate the issues and recommend possible solutions to the CRO.
Qualifications:
Bachelor’s Degree in Information Technology, Computer Engineering, Computer Science, Business and Accountancy, or other relevant courses from a reputable school or university
Post-graduate degree in Business is an advantage.
Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP) or Certified Information Systems Security Professional (CISSP), A52ITIL, ISO27001 and COBIT Certification is an advantage.
Agile collaborator, high performing, and highly effective oral and written communication.
With good moral character, and ability to inspire colleagues.
Experience:
At least 8 years of experience in Information Technology Risk Management preferably in a bank or financial institution
With strong understanding of bank’s processes, systems, and regulatory environment
Able to implement an integrated technology and information security risk framework and align with the MORB regulations on ITRM, Electronic Payments, Electronic Banking Services, and Digital Banking.
With strong understanding of relevant laws on consumer protection, cyber crime prevention and data privacy.
Required Competencies and Skills:
Detail oriented person with desire to help business and organization in meeting regulatory expectation and improving the organization’s information security practices.
Ability to manage relationships with internal and external stakeholders and positively influence employees across the three lines of defense.
Working knowledge on security standards for IT infrastructure such as network, operating system, databases and other IT appliances.
Technical proficiency on analysing security threats and vulnerabilities, including the execution of VAPT.
Leadership qualities and influencing skills.
Integrity, independence, robustness and resilience.
Sharp business acumen, including the ability to assess risk.
Excellent inter-personal skill and analytical skill.
Able to deliver even under extreme pressure.
