Responsible for implementing the Bank's risk management framework in the IT (Information & Technology) Division which is manifested by implementing risk management practices and processes as part of the overall cyber security and resilience strategy set by the Bank's Management.
Analyzing potential security, financial and privacy threats that may be faced by the Bank in the realm of use or utilization of IT.
Monitoring risk assessment, which consists of analyzing, identifying, describing, and measuring risks impacting the IT Division. In this case, related aspects include the management and maintenance of the risk register and the routine implementation of RCSA (risk and control self assessment).
Evaluating risks, namely comparing potential risks with criteria set by the Bank such as information security, financial, reputational aspects, and regulatory requirements, as well as evaluating the Bank's previous risk management posture to create a historical context for the development of IT risk management at the Bank.
Managing all applicable IT risk factors, such as possible system failure or data loss.
Assisting the business continuity plan development process led by the business from a risk management aspect. Namely, providing input and direction so that risk aspects are always considered and handled in the business continuity plan.
Developing and maintaining good communication channels with other risk partners within the Bank, such as the Risk Division, Compliance Division, etc.
Raising risk awareness, providing education and training to employees within the organization
What you need to have:
Bachelor Degree in Computer Science or related
Min 7 years experience in IT Risk Management in the banking or telecommunications industry
Have knowledge of risk management frameworks or standards such as ISO 31000 or ISO 27005
Have knowledge of IT compliance and regulations related to risk management or cyber security such as POJK No.11/POJK.03/2022
Have experience in risk analysis and detection which also includes potential information security vulnerabilities.
Experienced in coordinating, both verbally and in writing, to deal with the Bank's main IT risks and create effective IT risk management solutions.
Have basic knowledge of information technology including aspects of security, infrastructure, software development, and incident handling.
Understanding of the business environment in operational, policy, and risk (internal and external) aspects.
Experience in preparing IT risk management plans, including providing consultations for the selection of appropriate mitigation controls.
