• The IT Risk Officer's role is to ensure that Tech risk on IT assets and IT services is properly defined and well controlled. The Tech risk management framework, including policies and standards, could ensure CACIB Information System Security.
- To set up a Tech risk management framework that provides oversight of the IT Tech risk picture.
- Make sure potential Tech risk and Technology operational risk are clearly defined.
- Lead the Tech risk analysis, or engage an internal/external third party for a formal Tech risk assessment.
- Propose solutions and join the IT team's risk remediation.
- Re-assess the residual risk after the remediation.
- Design and conduct Tech risk control testing, providing KRI visibility in the IT risk dashboard.
- Accompany local IT teams on technical security topics with the ITSO, to ensure proper implementation of security standards and best practices.
- Ensure technical security is taken into account in all projects and contribute to the risk analysis. Deliver Security Architecture and Engineering services for Business and IT projects.
- Responsible for defining and following up the necessary KRIs, controls and processes to identify potential risks and threats in IT systems, and for ensuring appropriate application of security standards. Provide management reports that represent the security posture of the business in a timely, regular and accurate manner.
- To develop local IT security policies and procedures, and ensure through the practices adopted and tools implemented that the policies are properly enforced.
- To develop local strategies to monitor and respond to security incidents, and provide methodical post-event analyses.
- To review that the system architecture and configurations (networks, systems, firewalls and other security components such as IPS/IDS and SIEM) are in line with the security policies and best practices.
- To coordinate IT security audits, security reviews and ethical hacking exercises in coordination with ISS HO and ISS Singapore.
In addition to IT Risk management, the role will also act as IT financial controller and backup to the ITSO. The function will include:
- Assist the Head of IT in drafting the annual budget plan.
- Proactively monitor IT spending against the budget forecast.
- Manage the IT Outsourcing activities.
- Back up the ITSO as the responsible party for major IT security initiatives.
- Back up the ITSO as Audit and Regulator contact point.
- Back up the ITSO in DRP activities.