Senior Executive - Cyber & Technology Risk

CISO OFFICE
Malaysia

Associate


SUMMARY OF RESPONSIBILITIES

  • Assist Head of Cyber & Technology Risk on the implementation and continuous improvements in Cybersecurity & Technology Risk, Governance and Compliance, including any other new areas that may be established to meet business strategy and organisational needs
  • Collaborate with Business and Technology division and units within Risk and Compliance in ensuring risks are identified and considered in the development of PayNet’s strategic vision, and proactively manage and balance both risk and rewards of the business
  • Perform risk assessments, including identifying operational and strategic risks and relevant controls, facilitating prioritisation of risks and identification of risk owners, developing risk reports, and highlighting relevant risks and mitigations to Management, Group Risk Committee and Board
  • Coordinate and maintain security governance implementation and certification and drive security culture and behaviour internally through continuous security awareness programs

KEY AREAS OF RESPONSIBILITIES

Cyber & Technology Risk Management

  • Perform reviews of cyber & technology risk related assessments such as Project Risk Assessments (PRA), Risk and Control Self Assessments (RCSA), Cloud Risk Assessments (CRA), exception requests to established IT policies and procedures, and other relevant assessments
  • Provide consultations, advice, expert opinion and level 2 reviews to Business and Technology division on areas relating to cybersecurity and technology risk, governance and compliance matters
  • Participate in periodic cyber and technology related risk assessments, including those associated with developing new or significantly enhanced business applications
  • Recommend improvements and mitigations on current systems, policies and strategies and take the necessary actions to mitigate IT related risks
  • Perform special reviews on compliance and regulators’ requirements and/or as required by the Management, Board and Board Committees

Governance and Compliance

  • Prepare and periodically update information security policies, architectures, standards, and other technical requirement documents needed to advance information security at PayNet.
  • Establish and fine-tune metrics and develop routine reports to the management and Board according to the metrics.
  • Monitor current and proposed laws, regulations, industry standards, and ethical requirements related to Technology Risk, Governance, Compliance, Security and Privacy, and provide advanced advice and readiness to PayNet to be fully compliant with these requirements.
  • Advance and improve management of technology or cybersecurity related risks (e.g., compliance and supervisory assessments, management reporting, etc.) and overall Cybersecurity and Technology Risk, Governance and Compliance operations through process improvements, data analytics, or automation.

Overall Cyber and Technology Risk Department Operations

  • Maintain relevant documentation for audit and inspection.
  • Maintain close working relationship with all retail payments and cards product owners and stakeholders with respect to Cyber & Technology Risk, Governance and Compliance matters.
  • Keep abreast of the latest risk management practices and/or standards and proactively adapt these practices and/or standards where appropriate.
  • Perform any other assignments as directed by the CISO and/or Head of Cyber & Technology Risk or Senior Director of Risk and Compliance.

FUNCTIONAL COMPETENCIES

  • Possesses adequate knowledge of enterprise risk framework and processes.
  • Possesses adequate understanding of PayNet products/solutions.
  • Possesses adequate understanding of the industry trends and relevant regulatory guidelines (e.g. BNM).
  • Possesses adequate understanding of data sources and systems based on operational execution experience; able to perform non-routine analysis on information sources.
  • Possesses adequate understanding of relevant stakeholders' decision-making processes (e.g. approval levels) based on operational execution experience.
  • Possesses adequate understanding of project management tools and resources (e.g. Gantt charts, task lists) used in different scenarios (e.g. non-routine situations).
  • Able to assist in management meetings, i.e. deliver technical messages in layman's terms to all levels of audience, especially Management, Group Risk Committee and Board.
  • Possesses comprehensive understanding of technology risk management framework, IT threats and their linkages to processes, guidelines, and control measures; suggests improvements on the application of the framework for PayNet's needs.

QUALIFICATIONS & EXPERIENCE

  • Degree in Cybersecurity, Information Technology, Computer Science or other related disciplines with relevant experience in managing cyber risk in financial market infrastructures, critical national infrastructure, military, security intelligence or equivalent
  • 3 to 5 years of cybersecurity and/or technology governance, risk and compliance or information security experience
  • Experience in various regulatory requirements such as BNM RMiT, ISO27001, MAS Technology Risk Management Guidelines, National Institute of Standards and Technology (NIST), Centre for Internet Security (CIS), FMI Cyber Resilience Guidelines or equivalent would be an added advantage
  • Thorough understanding of end-to-end cybersecurity and technology operations and how technology interfaces with business, risk management and compliance processes and IT Security
  • Relevant professional certifications such as CISA, CISSP, CEH, GPEN, CISM, ISO27001 auditor would be an advantage
  • Must possess excellent interpersonal skills and be able to communicate and manage the relationship at all levels
  • Fluency in written and spoken English is essential for this position.

About the Company

Payments Network Malaysia Sdn Bhd

Embark on an exciting career journey with Payments Network Malaysia Sdn Bhd (PayNet), the heartbeat of Malaysia's financial markets!

As the national payments network and a pivotal infrastructure for Malaysia’s dynamic financial markets, PayNet is a linchpin in advancing the nation’s digital economy.

Our comprehensive suite of retail payment solutions - encompassing DuitNow (QR and P2P), JomPAY (Bill Payments), FPX (Online), MyDebit (Domestic Debit), MEPS (ATM), and IBG (Interbank GIRO) - not only offers wide accessibility but is seamlessly integrated into the fabric of daily life in Malaysia. These services have revolutionised the way Malaysians handle financial transactions, marking a significant leap in consumer convenience and efficiency.

At PayNet, our focus is on providing a safe, efficient, and innovative payments system. We are dedicated to improving and managing payment services that meet the evolving needs of consumers and businesses. Our work ensures the stability and reliability of Malaysia’s financial system, supporting the growth of the economy.

Learn more about our work and how we are contributing to Malaysia's financial future at www.paynet.my.

Join us in embracing digital payments and advancing Malaysia's financial landscape.