Summary of Position

IT Operational Risk Analyst will be reporting to the IT Operational Risk manager. The candidate will participate and contribute to ensure IT operational Risks function fully meet its objectives and requirements in ISAP. IT Operational Risk Analyst identifies, assesses, and mitigates risks arising from internal processes, systems failures, or human errors, helping ISAP preventing losses; ensuring business continuity; and safeguarding against issues like cyber threats, system failures, and process gaps by monitoring risks, developing 2nd level of defense controls (supervisory controls), and collaborating with stakeholders to implement risk management framework and 1st level of defense controls (operational controls).

Main Responsibilities

Risk Oversight & Governance

Provide risk management oversight and support for management.
Support the IT Operational Risk manager in managing regular governance committees by preparing relevant risk reports and highlighting key issues and trends in the risk dashboard.
Implement the risk and control framework to ensure effective risk management.
 

Risk Assessment & Reporting

Manage ongoing and yearly risk assessments, attestations, and reporting activities.
Coordinate the implementation of operational risk assessment and supervision of 1st line of defense.
 

Self-Assessments & Control

Facilitate and coordinate self-assessment activities such as Risk & Control Self-Assessment and Regulatory Self-Assessment.
Conduct independent controls of 1st level of defense to complement control monitoring as 2nd level of defense, attestations, and review/reporting of regulatory compliance breaches and operational risk incidents.
Support operational teams in risk assessment and control plan review.
 

Audit Management

Contribute to audit management activities including pre-audit checks, fieldwork, and coordination with audit teams during and after audit engagements.
 

Risk Monitoring & Issue Tracking

Proactively identify risks by monitoring technology performance in risk and compliance management.
Track resolution of issues arising from regulatory breaches, operational incidents, special reviews, audits, and inspections.
 

Risk Culture & Awareness

Provide training and support to strengthen risk culture and awareness within the organization.

Requirements

University degree in information technology, computer science, or a related field.
Professional certifications such as CISA, CISM, or CRISC are advantageous.
At least 2 years in a risk & control or audit function within the IT domain (ideally IT infrastructure).
Extensive experience in managing or assessing the adequacy of controls over technology activities in a banking context.
Preferably possesses strong knowledge of corporate banking processes and products.
Strong ability to identify risks, assess control effectiveness, and recommend appropriate control enhancements.
Excellent analytical, organizational, and conceptual skills.
Proven experience in leading and managing projects.
Effective communication, presentation, and influencing skills.
Ability to liaise with stakeholders across multiple disciplines and levels.
Hands-on experience in developing solution using MS Office Suite, MS SQL, Visual Basic, Power BI or other technology would be desirable.
Exposure to AI implementation in the field of process and/or operational control enhancement is an advantage.

Bachelor and above in relevant discipline