Technology Risk Management Senior Expert

JOB PURPOSE

Develop and maintain technology risk management framework, policies, procedures, guidelines
- Consult relevant units to develop BCP/DRP in bankwide level.
- Develop technology & information security threat/ vulnerability/ scenario/ control catalogs
- Standardize risk management activities including identifying, assessing, responding and monitoring technology and information security risks following industry best practice and international standards (NIST, ISO, COBIT ...)
- Develop principles and methodologies for technology risk management, establishing technology risk limit, key risk indicators ... according to international practices, legal regulations, and internal governance requirements
Develop technology risk management capabilities and improve bankwide technology & information security risk awareness and culture
Develop strategies, roadmap and action plans for TDRM

KEY ACCOUNTABILITIES

Key Accountabilities (1)

Establish and maintain the technology risk management framework

- Establish and allocate technology risk limits, key risk indicators (KORI) according to international practices, legal regulations, and internal governance requirements
- Develop technology risk management framework, methodologies, regulations, policies, standards, procedures, guidelines.
- Periodic review & update technology risk strategies/ roadmap/ action plans, technology risk management framework
- Enhance risk taxonomies, governance policies and operating models collaborating with ORM based on investigation findings to enhance robustness of existing risk mechanism

Key Accountabilities (2)

Assess technology risks, consult to develop mitigation solutions and monitor

- Consult to develop solutions and methods to effectively mitigate and manage technology risk based on technology risk management framework, ensuring comprehensive risk management implementation
- Independent investigate cybersecurity/ technology risk events or digital platform risks; analyzing root causes, proposing solutions/actions to mitigate and manage risks
- Technical control assurance based on internal policies, government law and regulations, international security standards
- Review and approve technology risks in technology strategy, technology platforms, technology and business processes under the authority as prescribed

Key Accountabilities (3)

Develop technology risk management capabilities, improve bankwide technology risk awareness and culture

- Research on emering technologies appying in banking operations to provide subject matter advices in managing emerging risks
- Support other units to conduct training and communication to improve bank- wide technology risks awareness and culture
- Build & implement technology risk management capabilities (i.e. competencies standard, training, upskilling, coaching and communication) to enhance bank’s capability in managing technology risks in bankwide level

Qualifications and Work Experience

Experience

- At least 10 years of relevant work experience in IT field, including at least 4 years of IT risk management (1st or 2nd line of defence) experience
- Have experience in IT infrastructure operation/ IT Architecture/ Cybersecurity operation/ DevSecOps/ Cloud Computing
- Have experience in developing IT risk governance & management framework, risk management policies, procedures and guidelines.
- Have experience in IT Audit, IT compliance & assurance
- Have experience in developing IT risk management capabilities to enhance bank’s capability in managing technology risks

Expertise

- Deep knowledge in at least 2 of the following areas: IT infrastructure operation/ IT Architecture/ Cybersecurity operation/ DevSecOps/ Cloud computing
- Good knowledge of emerging technologies such as GenAI, Blockchain, Quantium technology, etc.
- Extensive knowlegde IT & cybersecurity risk management framework (COBIT, ITIL, ISO, NIST ...), internal information security laws & regulations (Circular 09/2020- NHNN, Circular 50/2024- NHNN, Cybersecurity Law, Personal Data Protection Law ...), and international information security standards (SWIFT CSP, PCI DSS, CIS ...)

Qualifications

- English: TOEIC 600 or equivalent
- Professional certifications in IT Risk, IT Security: CISA/CISSP/CRISC/CISM/COBIT/ITIL ...
- Having a university degree or higher on Information Technology, Information System, Computer Science, Electronics & Telecommunications, Information Security or equivalent...

Chế độ bảo hiểm, Du Lịch, Chế độ thưởng, Chăm sóc sức khỏe, Đào tạo, Tăng lương

Cập nhật gần nhất lúc: 2026-04-08 12:25:02