Head, Technology Risk

About the role

As the Head, Technology Risk at Hong Leong Assurance Berhad, you will be responsible for leading the technology risk management function and ensuring the organisation's IT systems, processes and infrastructure adhere to regulatory requirements and industry best practices. This is a full-time, on-site role based in Petaling Jaya, Selangor.

What you'll be doing

Technology and Cyber Risk

Drive the development, implementation and continuous improvement of information security strategies, frameworks, policies, standards, and procedures in alignment with business objectives, risk appetite, legal and regulatory requirements.

Oversee the establishment, maintenance, and enforcement of information security controls to protect the confidentiality, integrity, and availability of data, systems, and networks.

Oversee the execution of regular technology and cyber risk assessments, profiling and monitoring to identify and mitigate potential security threats.

Supervise, oversee and collaborate with internal stakeholders (including Group IT Infrastructure and Group IT Security) to manage response activities, including investigations, containment, remediation, and communication of information security and cyber incidents.

Stay up-to-date with emerging threats to proactively identify potential risks and implement appropriate countermeasures.

Business Continuity Management

Drive the development, implementation and continuous improvement of a robust business continuity management framework, including business impact analysis, risk assessments, business continuity plans, and crisis management plans, to mitigate disruptions and emergencies.

Drive collaboration with key stakeholders to identify critical business functions, establish recovery objectives, and implement strategies for mitigating risks and maintaining operational continuity.

Oversee regular testing, drills, and exercises to validate the effectiveness of business continuity plans, identify areas for improvement, and stay up-to-date with industry standards and regulatory requirements for ongoing adjustments to the program.

Provide strategic leadership and guidance to the Information Security and Business Continuity teams, fostering a culture of collaboration, innovation, continuous learning, and resiliency and security awareness.

Collaborate with cross-functional teams, including IT, Risk Management, Legal, and Compliance, to ensure the integration of security and business continuity requirements into operational processes and projects.

Act as a subject matter expert on information security and business continuity, advising Senior Management and the Group Board Risk Management Committee on potential risks, threats, and necessary IT related investments.

Oversee the development and delivery of training programmes and awareness campaigns to educate employees on security best practices and their roles in business continuity management.

Represent HLAH and its subsidiaries in relevant industry forums, conferences, and regulatory engagements, promoting best practices and building strong relationships with external stakeholders.

Ensure compliance with the Company's and Regulator's policies and regulations.

What we're looking for

• Minimum 8 years of experience in technology risk management, preferably in the banking or financial services industry
• Thorough understanding of technology risks, controls and best practices in the areas of cybersecurity, data protection, business continuity and IT governance
• Proven track record of developing and implementing effective technology risk management frameworks and strategies
• Strong project management and stakeholder management skills to coordinate with cross-functional teams
• Excellent communication and presentation skills to effectively convey complex technology risk concepts to both technical and non-technical audiences
• Relevant professional certifications in fields such as CISA, CISM or CRISC
• Degree in Information Technology, Computer Science, or a related discipline

#J-18808-Ljbffr