Crisil - Technology Risk Management Role

- Support the Technology Risk Management (TRM) division of an APAC based Asset Manager

- Implement TRM Framework: Implementation of the Local Business Unit (LBU) Technology Risk Management (TRM) framework, ensuring alignment with local and regional requirements.

- Provide Expertise and Guidance: Offer technical and best practice guidance on information and technology risk, taking into account platform-specific and regional complexities. IT Risk Indicators: Manage and review standardised IT key risk indicators/metrics submission from all various IT Functions for analysis and early identification of risk trends.

- Risk Appetite and Key Metrics: Establish and roll out the information and technology risk appetite and key risk metrics for effective management oversight.

- Risk Register Monitoring: Proactively monitor the LBU risk register and escalate any potential risk areas for Group- level reporting, ensuring risks are appropriately rated and mitigated.

- Collaborate with various stakeholders: Maintain a trusted, collaborative relationship with stakeholders to promote engagement in TRM activities and reporting requirements, including the preparation and collation of the Group Risk Committee's Risk Pack.

- Risk Culture: Promote a strong risk management culture across LBU stakeholders, focusing on managing information and technology risks effectively.

- Support Periodic Risk Reporting: Assist the LBUs 2nd line ORM/ERM in ensuring timely and accurate reporting of

information and technology risk matters to the LBU risk committee.

Experience / Qualification:

1. Relevant experience, with compulsory experience in Technology or Risk Management/Audit.

2. Candidates should demonstrate experience in identifying, managing, and reporting risks and controls in at least

three or more of the following areas:

- IT Infrastructure Management: Networks, platforms (e.g., IBM, Unix, Windows), middleware, and databases.

- IT Operations: Data center management, backup, batch processing, incident and problem management.

- Application and Interface Security: Ensuring secure development practices.

- Application Development and Change Management (SDLC): Experience with the full software development lifecycle.

- IT Project Management/Delivery: Overseeing projects from initiation to completion in any specific risk / technology

capacity.

- Third-Party Risk Management: Managing vendor risks effectively.

- IT Service Management: Familiarity with frameworks such as ITIL.

- Identity and Access Management (IAM): Experience with tools like SailPoint, CyberArk.

- Cybersecurity: Familiarity with frameworks like NIST, and experience with security tools and operations.

3. Candidates with the relevant certifications in areas such as Technology Risk Management, Technology Audit, IT

Management, Cybersecurity, Cloud, Software Engineering, or Project Management will have additional advantage.

Examples include:

- Risk Management: CRISC (Certified in Risk and Information Systems Control)

- Audit: CISA (Certified Information Systems Auditor)

IT Service Management: ITIL Foundation, PRINCE2, PMP

- Cloud/Network: Microsoft Certified Azure Solutions Architect Expert, (ISC)- CCSK, CompTIA Cloud Essentials

- IT/Information Security: CISSP, CISM, CompTIA Security+

- Software Development: DevOps Engineer Professional, Google DevOps Engineer, Microsoft Certified Solutions

Developer

4. Skillsets in coding e.g. Python, and intelligence dashboards like PowerBI would be advantageous.