Expert, IT Administration (40001107)

Job Purpose

• Manage weaknesses and risks in technology activities in the Industrial Division.
• Participate in identifying, managing and coordinating with departments to take appropriate measures to prevent and minimize risks that may occur in the technology field.
• Organize and carry out work to ensure compliance in the field of technology with regulations of state agencies, regulations of the Bank and international standards on technology applied at the Bank.

Key Accountabilities (1)

1. Technology risk management.

• Carry out the work of the department following policies, regulations, internal processes, instructions... and service quality commitments (SLAs).
• Develop and organize the implementation of risk documents and indicators to detect and manage potential risks in Techcombank's technology sector.
• Organize risk assessments:

+ Preside over the implementation of technology risk assessments; Organize risk self-assessments in departments of the Industrial Sector; Participate in technology projects to detect threats, weaknesses, and risks in technology activities.
+ Consulting and warning about potential dangers, weaknesses and risks of technology systems.

• Receive and manage newly arising risks:
+ Record and manage identified risk points.
+ Coordinate with relevant parties to handle risk items according to the correct process (assess the risk level, identify risk owners, handle plans,...).
• Monitor and periodically report on the status of technology risk handling to the Industrial Sector Board of Directors and relevant units:
+ Warn, monitor, check (results, evidence), and update the handling of technology risks.
+ Chair meetings on risk handling.
+ Collect and report KRIs index.
+ Periodically report on the status of technology risk handling.
• Coordinate with Operational Risk to deploy operational risk management tools in the IT segment at the Technology Division.

• Communication to raise users' awareness of technology risks (designing courses, implementing communication messages about technology risks)

Key Accountabilities (2)

2/ Compliance management:
Develop regulations, processes, and checklists in technology compliance assessment at Techcombank.
• Organize planning and implementation of periodic or unscheduled compliance assessments at the request of Leadership for technology activities to ensure compliance with the Bank's policies, regulations, and technology processes ( in the field of technology systems operation and development technology solutions and applications, ensuring information security,...).
• Organize compliance assessment in the field of technology at headquarters, main/backup data centers, and main/backup data transfer centers according to issued documents.
• Evaluate and monitor the maintenance of technology certificates applied at Techcombank.
• Managing non-compliances and corrective and preventive actions in the technology sector; Prepare periodic and extraordinary reports on non-compliance points and remediation status to management levels.
• Organize assessment of current compliance status and organize implementation to ensure compliance with new regulations of state agencies in the field of technology.
• Implement training, communication, and raise staff awareness about the Bank's responsibility to comply with regulations in the technology sector

Key Relationships - Direct Manager

Director IT Operational Risk

Key Relationships - Internal Stakeholders

Other units in the IT & relevant departments in the Bank

Key Relationships - External Stakeholders

Partners providing professional services

Success Profile - Qualification and Experiences

Qualification:
- University degree or higher, majoring in Technology
- English language proficiency is at the advanced level (can communicate in complex situations)
Experience:
- 8+ years of experience in resource, finance, vendor, or audit management
- 5+ years of experience in continuous improvement

- Have knowledge and skills in performing evaluation and auditing activities in the field of technology.
- Have participated in inspection and evaluation activities of IT systems and IT activities.

- Prefer experience in building policies and management in the field of technology risk management according to ISO 31000, ISO 27005, and NIST Risk Management Framework standards. Have a certificate/certificate of completion. Courses on risk management and technology risks. Know about Cyber ​​Security.