Key Responsibilities
- Drive the implementation of GTD units’ compliance with the Operational Risk Framework, Group Technology Risk Management Framework (GTRMF), Cyber Resilience Framework (CRF), Cloud Risk Management Framework (CRMF) and BNM’s Risk Management in Technology (RMiT), including providing advisory and guidance to business units on complying with these frameworks and policies.
- Provide leadership and insights in the ongoing development of GTRM’s annual Independent Risk Assurance Program (iRAPT), focusing on key thematic risks.
- Lead in the preparation of monthly Technology Risk Reporting for senior management and boards (GORRC, GRCC, BRCC), including insights on technology risk trends, thematic issues and emerging risks.
- Lead the analysis and correlation of information derived from the various ORM tools and other sources to provide independent assurance on technology risk trends, thematic issues, emerging risks and compliance with technology risk management policies, regulatory requirements and controls within the group.
- Provide constructive challenge to the 1st Line of Defense’s execution of the Operational Risk Management Policy and Technology Risk Management Policy.
- Lead and drive the effectiveness of the 1st Line of Defense’s execution of ORM tools by guiding the GTD Governance Team’s 1.5 LOD and RCO/DCORO on areas pertaining to validation and assurance.
- Lead and drive the validation program on areas related to IT controls on CET, LED, CIM, KRI, RCSA, CET, and support preparation of the monthly/quarterly/yearly ORM scorecard and tardiness reporting.
- Act as GTRM point person for ORM-related initiatives at local and group level, including the review and enhancement of ORM’s policies and procedures, control effectiveness initiatives and discussions with the ORM team.
- Coordinate the regular discussions with GT Governance and Group Compliance focusing on areas needing attention or improvement and areas of mutual interest towards overall strengthening of technology risk governance.
- Act as key liaison in coordinating the reviews of the yearly RCSA refresh exercise with the GTD Unit Risk Control Officer (RCO) and/or DCORO to ensure key operational risks are identified in existing GTD Unit RCSAs, along with the effectiveness of controls.
- Participate in 1st line and 2nd line of defense projects, providing Technology Risk Management advisory and challenge.
- Work independently and lead ad hoc tasks required by GTRM & NFRM.
- Manage the GTRM/CISO’s portal.