VP, IT Governance & Risk Management
Strategic alignment
-
Foster proper communication and coordination among ITD units and teams, to ensure that the ITD endeavours reflect a cohesive understanding of the Bank’s strategic, business, and technological objectives.
-
Guide IT teams in formulating technology strategies and roadmaps framed within the business strategy.
-
Identify opportunities and formulates technology strategies and roadmaps in line with the agreed strategy. Actively support and participate in development of IT strategic, tactical and operational plans.
-
Monitor, evaluate, handle and report on the effectiveness of IT strategies, transformation plans and their alignment with bank’s objectives.
-
Establish and maintain IT Committees to effectively governance and manage IT
-
Derive the appropriate Governance initiatives from business and IT objectivesPolicies, Processes & Frameworks
-
Evangelise the agreed Governance & Risk practices across the division, with emphasis on business value creation for the Group
-
Oversee definition and maintenance of IT functions, controls, policies and processes
-
Analyse and identify internal environmental factors, business needs, external regulations, emerging technologies, laws, contractual obligations, standards and industry best practices and ensure that these are considered within IT Policies and Processes.
-
Responsible for the development and implementation of IT Governance & Risk Policies and Processes definition and implementation across the Group, with associated assurance testing frameworks. Responsible for the review and evolution of the same, aligned to the Group’s risk appetite.
-
Manage within the IT Governance model and process to optimize the value and benefits realization of IT investments, ensure alignment and prioritization of projects to the strategy.Internal & External Compliance
-
Maintain external focus and demonstrate technical expertise and awareness of key industry standards and trends across IT Security and Risk management practices and accredited standards.
-
Deliver compliance to recognised industry standards and required regulations proactively.
-
Be proactive in informing and preparing the team for upcoming legal, regulatory and Industry requirements.
-
Periodically assess and improve IT controls, functions, policies and processes are to ensure that they are operating effectively and efficiently.
-
Act as a point of contact for internal/external auditors and regulators for all IT Strategy, Governance related items
-
Ensure management of international IT regulatory register in coordination with Group Compliance
-
Institutionalize operational controls such as project and change management gate reviews to optimize overall control effectivenessIT Risk and Security Management
-
Ensure comprehensive IT risk management framework is established to identify, analyse, mitigate, manage, monitor, and communicate IT risks.
-
Ensure the IT risk appetite and tolerance levels are understood, articulated and communicated, and that IT related risks are identified and managed.
-
Promote an IT risk-aware culture and empower the teams to proactively identify IT risk, opportunity and potential business impacts.
-
Work with Group Security Officer to ensure the implementation of security controls with in GIT
-
Oversee various risk assessment activities in GIT and ensure proper implementation of risk treatment options such as mitigation, transfer, acceptance etc.
-
Deliver periodic risk profile reports and KRI reports to senior management
-
Engage with leadership team to review IT risk profile and risk treatment strategies
-
Manage Technology risk committee meetings and ensure closure of action plans
-
Identify, agree and manage various assurance initiatives and internal reviews across GITContinual Improvement
-
Ensure continual adoption of industry best practices for overall governance & management of IT
-
Quantify the value add of the team from improvements in the control environment and reduction in risk to the IT and the business.
-
Direct the team to implement proper communication channel to maintain IT Policy and process awareness among IT staff
-
Oversee development of key metrics and KPIs to ensure effective and efficient measures are in place
-
Promote an IT risk-aware culture and empower the teams to proactively identify IT risk, opportunity and potential business impacts.
-
Ensure IT performance measurement systems are in place and accurate reports are shared with relevant stakeholders.
-
Identify and lead risk automation practices and tools to streamline efficient operation of the team and seamless interactions with its stakeholders. Drive the Governance team to transparency of status backed by integrity and single source of truth data.Resource Management
-
Establish beliefs, values, attitudes, and unwritten guidelines to reinforce the IT best practices and organizational culture
-
Work with IT management to establish appropriate right sourcing strategies for all IT resources
-
Work with various internal and external stakeholders to develop training & development plans for IT staff
-
Responsible for hiring, development, and leadership of staff, continuous improvement of department processes and tools.
-
Lead and motivate people up and down the line to act in accordance with philosophy, policies, procedures, and standards in carrying out the plans.
-
Responsible for engaging, empowering, developing, and rewarding a talented and highly dedicated team of IT Governance and Risk professionals.
-
Operate an efficient workload planning process for the team, and identify the appropriate resourcing solutions to deliver each objective.International Oversight:
-
Work with executive management to develop IT governance, risk and assurance plans for international regions
-
Collaborate with executive business and IT management to formulate technology strategies and roadmaps
-
Maintain effective and timely communication with stakeholders and ensure they are engaged in IT Governance, Risk and Compliance matters
-
Engage with compliance and IT teams to ensure IT Regulatory compliance requirements are articulated, assessed and addressed
-
Responsible for creation, publication and communication of IT policy addendums and local IT procedures
-
Oversee implementation of Group IT policies and standards across international offices. Address deviations and exceptions as per the organizational policies.
-
Steer International IT governance committee meetings and manage action plans
-
Maintain oversight of internal and external IT audit and regulatory remediation efforts
-
Drive training programs to enhance policy and control awareness among local IT staff
Knowledge & Experience:
-
13 or more years of working experience in IT Security, Risk and Governance practices.
-
5+ years of experience working in leadership role IT Security, Risk and Governance
-
Evidence of influencing senior stakeholders and dealing with external auditors and regulators
-
Excellent interpersonal skills and good oral and written communication skills
-
Good understanding of process models in ISO and industry standards relating to IT Security, Risk and Governance.
-
Good understanding of security and risk management in financial institutions.
-
Good understanding of innovations / trends in IT and fintech in particular
-
Recent experience in the governance of agile and other digital/innovation ways of working
-
Good experience of enforcing good governance across an outsourced IT resourcing model.
-
Strong analytical capabilities and knowledge of related tools and processes. Proven ability to handle volume detail and summarise effectively
-
Excellent knowledge all aspects of technology: infrastructure; operations, security, development, change/transformation, support, innovation, vendor management etc., and banking related processes especially risk management. Should have demonstrable experience of working in the majority of these domains.
-
Good understanding of technology processes across a full service IT organization. Should have demonstrable experience in these areas.
-
Good understanding of banking related environments – especially around high availability, data confidentiality, security etc.
-
Good understanding of project management to drive the team to deliver to objectives and to oversight the division’s change governance
-
Good understanding of technology trends to keep the policies and procedures ahead of the curve
-
Good knowledge in different IT process models (ITIL / ISO / COBIT etc.).
-
High Performance attitude and track record to evidence
-
Adequate forward planning and implementation of improvement initiatives
-
Budget and cost management
-
Utilization of resources – Effective utilization of staff to deliver planned and unplanned outcomes to agreed timelines
-
User satisfaction – Feedback from business units and other IT teams on the collaborative support provided by the unit
-
Quality – Availability of record of activities carried out by the unit, in compliance with quality assurance requirements
-
Risk management – Effective management of risks in the infrastructure operations
-
Vendor management – Efficient use of outsourced vendor teams. Performance of vendors as per committed SLAs
-
Staff development – Staff turnover, availability of skills, staff satisfaction, and talent managementSkills:
-
Relationship management
-
Influencing skills
-
Big picture thinker with attention to details
-
Strong change and communication skills
-
Strong analysis skills
-
Strong interpersonal skills
-
Resource (time and people) management skills