Senior IT Risk/Vendor Management (Techcom Life)

Job Purpose

• Manage weaknesses and risks in technology operations in the IT sector.
• Participate in identifying, managing and coordinating with departments to propose appropriate measures to prevent and minimize risks that may occur in the technology sector. 
• Organize and implement tasks to ensure compliance in the technology sector with regulations of State agencies, regulations of the Bank and international standards on technology applied at the Bank.

Key Accountabilities (1)

1. Technology Risk Management
- Perform the department's work in accordance with policies, regulations, procedures, internal guidelines... and service quality commitments (SLAs).
- Develop and organize the implementation of documents and risk indicators to detect and manage potential risks in the technology sector of Techcombank.
- Organize and implement risk assessments:
+ Take charge of conducting technology risk assessments; Organize self-assessment of risks in departments of the IT Sector; Participate in technology projects to detect risks, weaknesses, and risks in technology activities.
+ Advise and warn about potential risks, weaknesses, and risks of technology systems.
- Receive and manage newly arising risks:
+ Record and manage identified risk points.
+ Coordinate with relevant parties to handle risk items in accordance with the process (assess risk level, identify risk owners, handling plans, etc.).
- Monitor and periodically report on the status of handling technology risks to the Board of Directors of the Technology Block and related units:
+ Warn, monitor, check (results, evidence) and update the status of handling technology risks.
+ Chair meetings on risk handling.
+ Collect and report KRIs.
+ Periodically report on the status of handling technology risks.
- Coordinate with Operational Risk to deploy operational risk management tools in the IT sector at the Technology Block.
- Communicate to raise users' awareness of technology risks (design courses, implement communication messages on technology risks)
2/ Compliance management:
Develop regulations, processes, and checklists for technology compliance assessment at Techcombank.
- Organize planning and conduct periodic or ad hoc compliance assessments as required by the Leadership for technology activities to ensure compliance with the Bank's policies, regulations, and technology processes (in the field of operating technology systems, developing technology solutions and applications, ensuring information security, etc.).
- Organize compliance assessments in the technology field at headquarters, main/backup data centers, main/backup data transfer centers according to issued documents.
- Conduct assessments and monitor the maintenance of technology certificates applied at Techcombank.
- Manage non-compliance points and corrective and preventive actions in the technology field; Prepare periodic and ad hoc reports on non-compliance points and corrective status to management levels.
- Organize assessment of compliance status and organize implementation to ensure compliance with new regulations of State agencies in the technology field.
- Conduct training, communication, and raise awareness of staff about the responsibility to comply with regulations in the technology field of the Bank

Key Accountabilities (2)

Success Profile - Qualification and Experiences

University degree or higher, majoring in Information Technology/Telecommunications
Working experience: 5 years
Foreign language proficiency: English, Level 2 (TOEIC = 550 - 649) / or according to TCB's regulations from time to time
Other requirements (if any): Experience in developing policies and management in the field of technology risk management according to ISO 31000, ISO 27005, NISTs Risk Management Framework standards. Certificate/certification of completion of courses on risk management and technology risks.
Compliance assessment:
- Have knowledge and skills in performing assessment and auditing activities in the field of technology.
- Have participated in inspection and assessment activities of IT systems and IT activities.