Job Summary The Senior Manager, Information & Technology Risk ("SM") is a managerial role responsible for leading the development, implementation, and oversight of the Bank's cybersecurity and technology risk management framework. This role ensures compliance with regulatory requirements (e.g., BNM RMiT), drives cyber resilience initiatives, and manages risk assessments across technology domains. The incumbent will work closely with internal stakeholders, regulators, and third parties to safeguard critical systems and data, ensuring operational integrity and regulatory alignment. The role requires strong leadership, deep technical risk expertise, and the ability to balance security, innovation, and business needs. In addition, the SM also plays a key role in identifying, assessing, and mitigating cyber and operational risks within their scope. This includes active engagement in risk governance processes related to technology operations oversight and reporting. Job Responsibilities Cybersecurity & Technology Risk Governance Establish and manage cybersecurity policies and risk frameworks: Lead the development and ongoing refinement of cybersecurity governance, policies, standards, and procedures in line with regulatory and industry best practices. Regulatory compliance: Ensure compliance with all applicable tech risk-related regulations (e.g., BNM's RMiT, tech standards) and serve as the liaison with regulators during audits, inspections, and inquiries. Develop and lead risk assessment processes: Oversee enterprise-wide and targeted cybersecurity and technology risk assessments, identifying control gaps, vulnerabilities, and emerging threats. Technology risk registers and reporting: Maintain and update risk registers, perform risk ratings, and present findings and mitigation status to senior management and relevant risk committees. System Implementation & Controls Assurance Lead setup of cybersecurity and tech risk control systems: Oversee the implementation of systems and workflows related to technology risk monitoring, cybersecurity incident response, and regulatory tech risk compliance. Vendor and third-party risk management: Work with vendors and third parties to assess and ensure security and resilience of outsourced technology services. BAU transition and governance: Once systems are implemented, manage transition to business-as-usual (BAU) operations with clear ownership, monitoring, and reporting mechanisms. Project Oversight & Regulatory Engagement Project governance: Ensure timely delivery of cybersecurity and risk-related initiatives, escalating any issues that may delay compliance or increase risk exposure. Regulatory interaction: Liaise with regulators on all matters concerning tech risk, cybersecurity, data governance, and incident response, ensuring the Bank's positions and capabilities are clearly articulated and defensible. Collaboration across the Bank: Work with key stakeholders in IT, Risk, Compliance, Legal, and Business units to ensure integrated risk management practices are embedded across all technology-related processes. Operational Resilience & Incident Readiness Incident response preparedness: Lead or support cyber incident simulations, table-top exercises, and development of playbooks. Business continuity and disaster recovery: Support the design and testing of recovery plans related to critical technology systems and services. Monitoring and metrics: Establish key risk indicators (KRIs) and security metrics to track effectiveness of the technology risk program. Job Requirements Bachelor's degree in IT, Cybersecurity, Risk Management, or related field. Relevant certifications preferred: CISSP, CISM, CRISC, CISA, or ISO 27001. 8-12 years in cybersecurity or technology risk, preferably in financial services. Familiar with regulatory frameworks: BNM RMiT, ISO 27001, NIST, COBIT. Strong knowledge of IT risk management, cybersecurity controls, incident response, and third-party/vendor risk. Ability to interpret regulatory requirements and translate into actionable processes. Excellent communication and stakeholder management skills. Show more Show less