POSITION DESCRIPTION
The Head of IT and Cyber Risk Management Department is responsible for establishing, implementing, and managing the bank's IT risk, cyber risk, and information security risk management framework. The role ensures that technology and cyber risks are identified, assessed, mitigated, monitored, and reported in alignment with the bank's risk appetite, regulatory requirements, and business objectives.
DUTY & RESPONSIBILITY
- Lead and oversee the bank's IT and Cyber Risk Management framework and policy in alignment with NBC TCRMG, industry standards, the risk management framework, the risk appetite statement, and business objectives.
- Identify, assess, monitor, and report technology and cyber risk across the core banking systems, digital channels, IT infrastructure, and other systems.
- Provide independent risk oversight and challenge of technology, information security, and digital transformation initiatives, including new products and system changes.
- Oversee the cybersecurity risks, including data privacy, fraud enablement, third-party breaches, and operational resilience.
- Develop and enforce project governance standards, monitoring mechanisms, and performance dashboard initiatives for the Head of Risk Management Division.
- Support ICT incident management and post-incident review, and provide recommendations ensuring lessons learned are embedded into risk controls.
- Oversee technology resilience, disaster recovery, and business continuity risk, including participation in testing exercises.
- Coordinate cross-department engagement and collaboration among the project team and stakeholders for project execution and reporting.
- Perform risk assessment and support tasks provided by the Head of Risk Management, Chief Risk Officer, or the Board.
- Report directly to the Head of Risk Management Division/Chief Risk Officer.
Code of Conduct: Must strictly adhere to the Bank's Code of Conduct, Guidelines, and Human Resources Policies and Procedures to ensure the professionalism of the Bank, and take immediate action to stop and report any violations or misconduct to Superior, Senior Management, and Internal Control.
QUALIFICATION
- A Bachelor's and/or Master's degree in Computer Science, Management Information Systems (MIS), or a related field.
- At least 5 years of experience in the banking industry with a role in IT Audit, IT Security or other related information technologies.
- At least 7 years of managerial roles and leadership in the areas of cybersecurity/business resiliency/IT risk strategies, principles, processes, and deliverables.
- Professional risk or security management certification, such as Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), or Certified Information Systems Security Professional (CISSP), is highly desirable.
- Strong understanding of IT and Cyber Risk Management Framework, assessment methodologies, and regulations.
- Experience implementing and managing risk controls in the banking industry.
- Excellent communication skills, including persuasion skills, active listening, and executive presentation.
- Passion and expertise in technology and cybersecurity domains, with an ability to be confident, respectful, and articulate when registering dissenting or unpopular opinions.
- Ability to collaborate effectively with colleagues, stakeholders, and leaders across multiple organizations to get consensus, socialize strategy and achieve objectives.
- Personal resilience—the ability to stay optimistic and keep people focused during crises or times of change.
- Ability to communicate complex technical risks in clear business terms.
- Strong judgment, decision-making, and crisis management capabilities.
How to apply
Interested and qualified applicants should submit their updated Cover Letter and CV, stating the position applied for, with a current photo (4x6) through hr@canadiabank.com.kh

