Job Purpose *
1. Responsible for ensuring Group Technology maintains an adequate and effective first line of defense risk management program;
2. Promote and support Business and Support Management to ensure adherence with applicable banking laws, rules, regulations and internal policies, procedures and processes. Action plans should be developed to address the risk and control issues;
3. Enable the effective execution of the operational risk and compliance throughout the Bank/Group, with respect to identifying, quantifying, reviewing, evaluating and measuring risk to ensure that all compliance and risk categories are identified and managed in accordance with regulatory, internal policies and procedures requirements.
4. Supervise QA Testers/DCORO to ensure proper execution of all testing procedures and requirements. Identify and highlight gaps and areas of improvements when executing testing of samples.
Key Responsibilities *
Drive strong Operational Risk Management practices
1. Proactively manage the risk in Group Technology to reduce the likelihood or impact of negative impact events
2. Responsible to report and promptly escalate, where necessary, risks to the Head of Division/Department in a timely manner so that Heads of Division/Department have a clear view of the overall control effectiveness of their unit.
3. Execute the operational risk framework and all corresponding tools of the bank in a robust and disciplined manner so as to achieve sound risk management practices and reporting.
4. Proactively partner and engage with the second line of defense to achieve an optimal outcome of risk management for the CIMB Group.
5. Proactively validate division/ dept policies, procedures, SOPs for completeness and accuracy & sign-off on all SOPs, including validation of tests done by QA Testers/DCOROs
Promote and maintain regulatory compliance
1) To support the RCU Head in being the first point of contact in providing support and advice to the senior management and staff within the Division/Department for all compliance advisory matter. The RCU Head should resolve queries which are within their knowledge and expertise and promptly escalate the issues which are unfamiliar and/or require specialist advice/ knowledge to Group Compliance.
2) To execute all the policies and procedures owned by Group Compliance in a robust and disciplined manner so as to achieve sound compliance risk management practices and reporting within the Division/ Department. This includes ensuring that divisional/ departmental policy, procedures and standard operating procedures are well drafted to ensure the polices and procedures are well operationalised by the Division/ Department.
3) To support the RCU Head in proactively identifying, managing and monitoring the existing, new or emerging compliance risk using the appropriate compliance risk tools (e.g. RCSA, regulatory gap analysis, CET). This includes recommending appropriate action owners within the Division/Department to the Head of Division for any new processes/ controls to be established for addressing the identified risk.
4) To support the RCU Head in reviewing and ensuring the factual accuracy of any correspondences, responses or presentations from the Division/Department to regulators, including any periodic reporting to regulators. This includes to review and challenge for ensuring the below:-
• Facts in the correspondences, responses or presentations are correct;
• The applicable regulatory requirements quoted in the correspondences, responses or presentations are correct and are complied with;
• The regulatory expectations/commitments and regulatory deadlines are properly tracked for ensuring compliance;
• All the documents for submission to regulator are complete and in order.
5. To support the RCU Head in reviewing the business/products proposals, policies and procedures for ensuring all regulatory requirements are complied with. This also includes ensuring the subsequent fulfillment of conditions imposed on the business/product proposals, policies and procedures by the governing senior management committees, board committees, board and/or the regulator.
6. To support RCU Head in the initial setting up and subsequent refresher of RCSA for ensuring all the material compliance risks; including the new and emerging risks, are reflected in the RCSA. The RCS has to ensure the RCSA is timely updated for the overall completeness and comprehensiveness.
7. To support RCU Head in ensuring the proper reporting and timely escalation of regulatory breaches and/or compliance controls issues. This includes:-
• To ensure LED and CIM is properly raised by DCORO;
• To ensure there is adequate assessment of impact (both financial and non-financial), adequate preventive and corrective measures and timely escalation;
• To properly track the closure of action plans being identified for the regulatory breaches and/or compliance control issues.
8. To perform the regulatory gap analysis in a timely and comprehensive manner for the new and/or updated legal and regulatory requirements and ensure adequate processes and/ or controls are in place for regulatory compliance.
9. To provide oversight for the performance of compliance controls CET and/or thematic testing by the QA testers.
10. To act as the main liaison in relation to all compliance related matters within the Division/Department and with 2nd LOD.
11. To plan and/or execute the thematic review identified by RCU Head. To work with the relevant stakeholders within the Division/Department to enhance the overall control environment to mitigate the compliance risk and/or regulatory breaches.
12. To support RCU Head for the preparation of the compliance training materials and to conduct the training to the relevant staffs.
13. To assist RCU Head for the surveillance of AML and Counter Financing of Terrorism (CFT) risk indicators, including overall management of these risks and any reporting, where required.
Champion the Risk Culture
1) Establish a reverence for strong risk management by applying knowledge and understanding of business products, services and processes
2) Facilitate strong partnerships across various stakeholder groups, determine best methods of communication and establish escalation model
3) To ensure an alignment of tasks between the 3 lines of defense to minimise overlap or gaps arising during execution of role and responsibilities
4) Assist the RCU Head in his/her duties to raise awareness and improve on the capabilities of operational risk and compliance, within the Department
5) Ensures that every business and support unit within the Department has appropriate RCS, DCORO and QA testers and the appointment is properly executed via GHR
6) Track and maintain an updated list of the RCU team members (onboarding and offboarding) within the Department
7) Facilitate all relevant training within the Department and cascade relevant risk information or program updates to the RCU team including DCOROs and QA testers and respective business heads
8) Provide guidance as needed to support RCU team in their role
9) Establish a reverence for strong risk management by applying knowledge and understanding of business products, services and processes
10) Facilitate strong partnerships across various stakeholder groups, determine best methods of communication and establish escalation model
11) To ensure an alignment of tasks between the 3 lines of defense to minimize overlap or gaps arising during execution of role and responsibilities
12) Compile and analyse risk data for themes and trends; raise awareness of emerging risks in the industry and recommend mitigation measures
13) Facilitate all relevant training within the Division/Department and cascade relevant risk information or program updates to DCORO and relevant staff (including control testers)
14) Provide guidance as needed to support DCORO and control testers in their role
Employee Engagement and Development
1. Comply with HR performance processes and meet internal Risk Controls Tester KPIs
2. Complete the required training assignment and ensure solid understanding of the framework, tools and system.
3. To involve in training for growth oriented; skills knowledge in risk & controls development
Any other responsibilities/tasks as assigned by the Management from time to time.
Job Specification
Qualifications
(Basic Degree/Diploma etc) A Bachelor’s Degree in Information Technology, Computer Science or equivalent.
Key Dimension of Impact *
This section determines the significant quantities on which the job has some direct and indirect impact. Thus, please provide numerical data which gives a feeling for the scope and the scale of the job. Eg,
Financial: Annual budgets, cost, annual turnover, AUM, sales turnover etc
Non-financial:significant volume associated with the job
Job Specification *
Qualifications
(Basic Degree/Diploma etc) A Bachelor’s Degree in Information Technology, Computer Science or equivalent.
Professional Qualification and/or Regulatory, Licensing requirements • It will be a huge advantage if have professional qualifications: -
o CISA,
o CRISC,
o CISM,
o CISSP.
Relevant Work Experience • Extensive experience with large-scale environment including skills and in depth understanding of IT and business applications and system.
• Extensive risk management and governance experience (minimum 10 years) which includes definition and implementation of IT and IT risk management related policies and procedures
• Good knowledge and grasp of banking practices and products at a higher level and awareness of the BNM policies/guidelines and other regulatory framework
• Good command of Risk disciplines
• Excellent in communication and technical writing skill in English
Required Competencies and Skills *
Competencies/Skills
(Essential to succeed in this job)
a. Highly result oriented and able to work independently.
b. Ability to build relationships and interact effectively with internal and external parties.
c. Good analytical, written and oral communication skills.
d. Good presentational skills.
e. Ability to work with different cultures in an increasingly global environment as regional role.
f. Demonstrated managerial, leadership and facilitation skills.
Copyright © 2026 Grabjobs Pte.Ltd. All Rights Reserved.