Technology Risk & Business Continuity, Senior Lead

Report to: Chief Risk Officer

Location: Ho Chi Minh

Function: Risk

Type: Individual Contributor

THE OPPORTUNITY:

We are looking for a Technology Risk & Business Continuity, Senior Lead who

• Embed the Risk Management Policy in AIA Vietnam with focus on technology risk & business continuity.
• Provide consultative, advisory and assurance services that supports management in effectively identifying, monitoring and managing the risks that impact on business objectives.

ROLES AND RESPONSIBILITIES:

Technology Risk Management (50%)

• Implement effective proactive risk & control data analytics; monitor KRI reporting and leverage existing metrics and risk dashboards to provide effective qualitative and quantitative risk reporting.
• Proactively identify and effectively communicate emerging technology risks and opportunities to stakeholder at all levels of the organization.
• Increase awareness and enhance risk culture across the organization and provide day to day risk and control advise as trusted 2nd line subject matter expert.
• Champion and advocate the ownership of technology risk management, ensure risks are understood and managed within approved risk thresholds.
• Establish strong relationships with key stakeholders across AIA Vietnam and understand strategic goals of business to assure their technology risks are adequately understood and mitigated.
• Provide 2nd line reviews of risk assessments to identify key risks and gaps as required and provide assurance on the effectiveness of the technology and information risk controls and oversee the operationalization of control processes.
• Provide security and control review on major technology initiatives to ensure that Group Security standards and requirement are met, and risk mitigation are appropriately implemented
• Support Technology Risk and Control Self-Assessment (CSA) and effective risk management practices and recommend actions to be taken as needed via various risk committees for execution.

Business Continuity Manager (30%)

• Maintain the corporate wide business continuity program that addresses disaster recovery, business recovery and emergency response management
• Help the business functions to conduct periodic Business Impact Analysis, identify recovery requirements and work with the business continuity coordinators to develop and implement recovery plans in the event of a business disruption.
• Plan and coordinate all business continuity testing and exercises. Coordinate and facilitate regular, complete, and meaningful BCM tests and post-exercise reports.
• Work closely with IT, Operations, and other departments to develop/maintain DR plans for critical systems and applications and to ensure that internal recovery sites are updated and functioning properly. This includes reviewing business impact analysis reports and conducting challenge sessions to ensure appropriate tiering and RTO levels are assigned.
• Lead and manage Company's BCM readiness assessment for Third Parties.
• Perform threat and risk assessment pertaining to Business Continuity to identify points of vulnerability, single points of failure and identify risk avoidance and mitigation strategies.
• Develop and deliver appropriate BCM education and awareness programme.

Operational Risk Management(10%)

• Challenge, monitor and advise IT, PMO, HR, Property on department operational risk.

Strategic Project Risk Management (10%)

• Lead and facilitate periodic Risk Review meeting with the Project Manager(s) and key members of the project team, to ensure risk management processes are being appropriately utilized
• Review & endorse project risk assessment prior to business case approval
• Participate in bi-weekly or monthly project status meeting.
• Follow-up on risk register mitigating actions on a continual basis, through regular updates with Project Managers and Risk Owners.
• Provide project risk training to project team members.

JOB REQUIREMENTS:

• University graduate, professional certificate e.g CISA/CPA/CIA is advantageous
• 10+ years relevant industry or risk management experience
• Prior experience with technology risk
• Familiar with technology risk models and risk assessments
• Demonstrate effective collaboration and teamwork skills
• Able to build relationships at all levels, cultivating a broad network of contacts
• Strong communication and presentation skills
• Have a critical, though positive constructive mind-set
• Being accurate and thorough
• Being self-confident / self-empowered
• Being interested in continuously developing on expertise and knowledge;
• Ability to be firm when needed and flexible when possible;
• Competencies: Independence, Teamwork, Problem analysis & judgment, Decision making, Results oriented, Creativity & Adaptability, Listening skills & Empathy, Self-confidence / Self-empowerment
• Mindset: Challenge status-quo, Proactive, Collaboration, Personal Ownership, Think Forward