Digital Risk Advisory Specialist

Job Purposes

Digital Risk Advisory Department is responsible to manage the risk within the Bank, it is in line with the Bank’s strategy related to digitalization of the products and services, which use extensive supporting technology, via risk assessment and advisory in effort to minimize any potential risk.

Responsibilities

Managing the risk emerging from the use of the Information Technology through risk assessment and advisory for Agile and non Agile Way of Working by:

• Ensuring no breach to the Service Level Agreement in providing the risk assessment result as agreed.
• Conducting risk assessment and providing advisory to system development activity or initiative, by paying attention to the risk management cycle to product, services, project, initiative, and / or business process within the bank from the perspective of information risk and technology risk, as agreed policy, also paying attention to regulatory requirements.
• Involving actively in the digital project squads as assigned, playing role as Risk Subject Matter Expert (Risk SME) to provide the advisory to the Non-Financial Risk Officer (NFRO) and project team.
• Attending the regular risk workshop and risk cadence meeting for the project squad as assigned and providing regular risk update to the Digital Risk Advisory Head to accommodate approval process and consultation for any issue, challenge, and progress of the risk job.

Developing risk management policy governing activities related to risk assessment and advisory function as a reference to the implementation:

• Reviewing and revising the document following the agreed policy to enable a proper accommodation to the trend and develop.
• Performing and providing facilitation in the socialization activity and initiate communication to the business units
• Providing feedback to the Digital Risk Advisory Head to develop policy, framework, and procedure governing activities related to risk assessment and risk advisory in the bank wide level.

Providing risk assessment and recommendations on the adequacy of controls and mitigation for risk acceptance document submitted by business units for a service or IT system usage where no mitigations are currently in place. Also, monitoring the completion of risk action plan mitigation listed in risk acceptance document which approved by related parties.

Conducting risk assessment and review to the requirements coming from regulator e.g., product materiality scoring and risk scoring.

Job Requirement :

• Minimum of Bachelor Degree (S-1)
• Experience in the Information Technology auditing is a valuable point and required in the decisión making for risk assessment activity.
• Experience in the risk taking unit (RTU) in managing IT Governance, IT Compliance, and/ or other technical operations functions will be required in giving practical análisis and recommendation.
• Min 8+ experience involved of IT and Risk Control processes.
• Professional certification e.g. CISA/ COBIT/ CISM/ CISSP/ CRMP/ CGEIT, CCISO, and other techical certification will be an advantage.
• Having good interpersonal skill, at ease and able to relate with all managerial levels.
• Technical competencies and knowledge in Agile, IT application and infrastructure security and controls will be an advantage.
• Have excellent communication skills in English, both written & spoken.