Ensure that the technology department is run in a manner compliant with both internal (group, country) policies and frameworks, Guidelines, Operations Manuals, and external regulatory act, notices, circulars and guidelines:
- Manage all IT related audits, Regulatory inspections, and IT Outsourcings (intra group and 3rd party)
- Reviewing internal IT processes and controls to identify security operations gaps, risks and mitigation strategies based on MAS TRM Guidelines, and RHB Group Frameworks and Policies, Standards, Guidelines and OM/SOP.
- Reviewing IT processes and controls to identify security operations gaps, risks and mitigation strategies for outsourced providers (both intragroup and 3rd Party) of IT systems and operations based on TRM and Outsourcing guidelines.
- Be a key stakeholder and technology partner on the bank Digital journey.
- Foster and champion bank PRIDE values within the technology department and imbue the department with a culture of teamwork, innovation, discipline, resiliency and dedication to how work is approached.
Strategy, Planning, Mgmt. Reporting
- Provide expert advice and support to technology management in the area of expertise
- Contribute in the formulation a comprehensive Branch IT strategy covering IT policies and procedures, security, architecture, business solutions and operational functional requirements
- Keep abreast of regulatory developments both MAS and BNM via group published policies and frameworks and guidelines
- Provide mentorship, support and guidance to colleagues, share information and facilitate problem solving
- Contribute in the yearly budgeting for IT expenditures and investments
- Ensure IT assets are protected and secure.
- Ensure IT operations run in a manner consistent with high score from audit, risk, compliance assessments. The following to be operationalized as standard procedure against all IT asset components – IT Governance and Service Continuity related.:
- Administrative Accounts – All admin accounts lodged into PAM solution per Group IT Security guidelines and MAS notice 655 point 4.1
- Patching – Patch notification process established with vendors and patch calendar updated, upon patch release assessment and implementation as needed Per patching guidelines and MAS notice 655 point 4.2
- Hardening - Per component definition and enforcement against SG security standard and Group IT Security guidelines and SG addendum/s and MAS notice 655 point 4.3
- Network Perimeter Defense – Network traffic and segments, firewalls, proxies, DNS, VPN access setup in secure manner per group IT security guidelines and MAS notice 655 4.4
- Malware – IT Security consulted and all required IT security protections installed on IT assets per MAS notice 655 point 4.5
- Multi-factor Authentication – MFA, where applicable implement MFA of administrative and internet accounts with access to customer information using PAM per MAS notice 655 point 4.6
- Logging and Monitoring – Security, Capacity, Downtime, Audit
- Capacity Mgmt. – Pre-emptive monitoring, planning and tracking of capacity upgrades as needed
- EOL/EOS Upgrades – Per group guidelines. Track upgrades and/or do risk assessment and deviation approval. For specific case of ITSM system also execute the upgrade.
- Housekeeping – scripted clean-ups and truncations of logs and temp files after necessary archives executed
- Backups – Required backup strategy per backup guidelines operationalized to central Backup Platform. Recurring scheduled backup validation activities scheduled and performed ongoing to ensure backups working per need.
- Coordinate and conduct recurring privileged access review
- Setup and Track adequate controls in IT related processes to ensure regulatory and audit compliance.
- Track compliance with the Bank’s IT Security policies, applicable laws and statutory regulations. In particular:
- MAS notice 644
- MAS notice 655
- MAS Circulars
- MAS TRMG guidelines
- MAS Outsourcing guidelines
- Group IT Security Guidelines
- SG IT related guidelines and addendums
- Co-ordination and point of contact for Compliance circulars and response back
- Co-ordination and point of contact for Audit engagements and tracking follow ups reporting (MAC, BAC) and closure
- Conduct assurance for Outsourcing related both onboarding, and recurring assessments for material outsourcing
- Co-ordination for IT Department ops and risk related recurring activities such as RCSA, BIA, Risk related indicators, interested party’s declarations, mandatory training, compliance leave taking.
- Identify technology risk management. gaps, vulnerabilities, associated risks and formulate mitigation strategies for intra group and 3rd party outsourced arrangements.
- Conduct periodic MAS TRM based assessments on IT systems
- Write Memos to authorize procurements – IT Governance and Service Continuity related.
Application and Systems Development / New Platform Acquisition
- Conduct TRM based assurance reviews of new workloads.
- Where new projects involve outsourcing, co-ordinate the outsourcing due diligence and onboarding process.
Regulatory and Procedural Expertise
- Keep up to date and refreshed on required reading related to guiding how IT must be run in a regulated Financial institution. Minimum read list:
- MAS Technology Risk Management Guidelines (TRMG)
- MAS Notice 644 – Technology Risk Management.
- MAS Notice 655 – Cyber Hygiene
- MAS Outsourcing Guidelines
- RHB Group IT Security Guidelines and SG addendum/s
- SG Patching Guidelines
- SG Backup Guidelines
- SG Technology Department Operational Manual (OM)
- SG IT Standard Operational Procedures (SOP), and System Manuals (SM)
- SG Procurement Operational Manual (OM)
- Ensure Staff are trained to the equivalency in regulatory and procedural expertise.
- Obtain latest consults and new versions of MAS guidelines and notices and ensure IT department notified and trained.
- Participate in Monthly Technology Department meetings.
- Participate in regular Team meeting.
- Use Department issue and work tracking platform.
- Maintain and keep up to date team knowledge base and assist in updating team document assets such as system manual / standard operating procedures (SOP), and operations manuals