Assistant Manager, IT Risk (Security System, Third Party Risk)

About the Company

We are a well-established Malaysian banking group providing comprehensive financial solutions across Consumer, SME, Commercial, Corporate, and Islamic banking segments. With a strong nationwide presence supported by retail branches, business centres, and digital banking platforms, we are committed to delivering secure, innovative, and customer-centric financial services.

Job Title: Assistant Manager, IT Risk (Security Systems & Third-Party Risk)
Location: Malaysia
Industry: Financial Services

As part of our continued growth and digital transformation journey, we are seeking a high-calibre professional to join our Group Information Technology (IT) Risk team under Group Risk Management as an Assistant Manager, IT Risk (Security Systems & Third-Party Risk).

The Role

This role is responsible for supporting enterprise-wide IT risk management initiatives, with a focus on security systems oversight and third-party risk management. The successful candidate will play a critical role in safeguarding the Bank’s technology environment while enabling business growth and innovation.

Key Responsibilities

1. Security Systems & Cyber Risk Oversight

  • Manage and assess technology and cyber security risks while ensuring business service commitments are met.

  • Analyze security monitoring statistics including:

    • SOC alert notifications

    • Advanced Persistent Threat (APT) monitoring

    • DDoS attacks

    • Phishing incidents

    • Rogue mobile applications

  • Monitor and report Key Risk Indicators (KRIs) and risk appetite metrics.

  • Participate in simulated cyber-attacks and cyber drills to assess organizational resilience.

  • Conduct post-incident reviews (PIR) and provide risk advisory on IT security incidents.

  • Perform thematic IT security reviews (e.g., ransomware resilience, system end-of-life, capacity management).


2. Third-Party & Outsourcing Risk Management

  • Manage IT and security risk assessments for Outsourcing Service Providers (OSP) and IT vendors.

  • Conduct independent reviews of third-party technology controls.

  • Ensure vendor compliance with regulatory requirements and internal policies.

  • Oversee third-party risk reporting and ongoing monitoring.

  • Support control assessments including RCSA, CSA, KRI, and Loss Event Data (LED) related to IT risk.


3. Independent Risk Reviews & Advisory

  • Bridge security and business functions through independent risk reviews.

  • Review business proposals, projects, and initiatives to ensure technology and cyber risks are adequately mitigated.

  • Provide consultative advice on IT security, infrastructure, penetration testing, BCM/DRP, and regulatory compliance.

  • Assess emerging technology risks including automation, biometrics, chatbots, AI, and digital platforms from a risk perspective.


4. Frameworks, Policies & Governance

  • Develop and review IT Risk Management Frameworks and related policies.

  • Align technology and cyber risk controls with regulatory expectations (e.g., RMiT, MCIPD).

  • Support regulatory and audit engagements by ensuring timely closure of findings.

  • Prepare periodic IT and cyber risk reports for senior management and Board committees.


5. Regulatory & Reporting Responsibilities

  • Ensure compliance with regulatory requirements related to technology risk and cyber security.

  • Perform daily cyber event reporting to the regulator based on SOC analysis.

  • Provide awareness training and guidance to internal stakeholders on IT risk controls and regulatory obligations.


Requirements

Experience

  • Minimum 5 years of experience in Risk & Compliance within a banking or financial services environment.

  • At least 2 years of experience in IT security, digital risk, cloud risk, or third-party risk management.

  • Experience in managing vendor risk and outsourcing governance is highly desirable.

  • Exposure to regulatory requirements within the financial services industry.

Knowledge & Technical Competency

  • Strong understanding of information systems, security controls, and banking regulatory requirements.

  • Familiarity with IT risk management tools including RCSA, KRI, CSA, and LED.

  • Knowledge of cyber incident management and industry security standards.

  • Understanding of regulatory guidelines relating to technology risk and customer data protection.

Professional certifications such as CISSP, CISM, CRISC, CCSK, or ISO 27001 Lead Auditor will be an added advantage.

Why Join Us?

  • Opportunity to play a strategic role in strengthening enterprise-wide IT and cyber risk governance.

  • Exposure to complex security systems and third-party risk management frameworks.

  • Collaborative environment within a reputable financial institution.

  • Career growth within Group Risk Management.

Do note that we will only be in touch if your application is shortlisted.

Agensi Pekerjaan Robert Walters Sdn Bhd
Business Registration Number : 729828-T
Licence Number : JTKSM 423C

Contract Type: Perm

Specialism: Tech & Transformation

Focus: Cyber Security & Information Security

Industry: IT

Salary: Negotiable

Workplace Type: Hybrid

Experience Level: Associate

Location: Kuala Lumpur

Job Reference: UR1L23-3999F53E

Date posted: 25 February 2026

Consultant: Kimberly Chan