IT Risk Management Specialist

About the Role:

IT Risk Management Specialist

Key Responsibilities

         Conduct regular IT risk assessments covering infrastructure, applications, cybersecurity, and third-party vendors.

         Identify emerging risks in areas such as cloud computing, fintech integrations and digital banking.

         Maintain and update the IT risk register with accurate and timely information.

         Develop and deliver IT risk dashboards and reports for senior management, risk committees, and regulators.

         Track Key Risk Indicators (KRIs) and provide early warning signals for potential IT threats.

         Support regulatory reporting requirements (e.g., Basel III, BOT, MAS, RBI, OCC depending on jurisdiction).

         Ensure IT risk management practices align with frameworks such as ISO 27001, NIST, COBIT, and PCI-DSS.

         Collaborate with compliance teams to ensure adherence to data protection laws (e.g., GDPR, PDPA).

         Support internal and external audits, ensuring timely remediation of findings.

         Assist in IT incident response planning and reporting, including breach notifications within required timelines.

         Contribute to business continuity and disaster recovery planning.

         Analyse incident trends and recommend preventive measures.

         Work closely with IT, cybersecurity, compliance, and business units to embed risk awareness.

         Provide training and guidance on IT risk policies and procedures.

         Act as a liaison with regulators and auditors on IT risk matters.

Relevant Experience:

         Minimum 12 years of experience in IT risk, compliance, or audit within banking/financial services

         Familiarity with ITIL frameworks is a plus.

         Strong knowledge of IT risk frameworks (ISO 27001, NIST, COBIT) and regulatory requirements.

         Proficiency in GRC tools (RSA Archer, ServiceNow GRC) and reporting platforms (Excel, Power BI).

         Excellent analytical, communication, and presentation skills.

         Attention to detail and ability to meet tight deadlines.

Qualifications:

         Bachelor’s degree in Information Technology, Cybersecurity, Risk Management, or related field.

         Excellent communication and interpersonal skills, with the ability to collaborate effectively across teams.

         Professional certifications: CISA, CRISC, CISSP, CISM, or equivalent are considered a plus.