Assistant Manager – Digital Risk Management

KNOWLEDGE, SKILLS & EXPERIENCE

Academic

• Bachelor’s degree in Information Systems, Computer Science, IT, Risk Management, Engineering, or Finance.
  
• Postgraduate qualification in Information Security, Risk Management, or Technology Management is an added advantage.
  

Professional

• One or more of the following (or working towards):
  • CISA (Certified Information Systems Auditor)
    
  • CRISC (Certified in Risk and Information Systems Control)
    
  • ISO 27001 Lead Implementer / Lead Auditor
    
  • ITIL (risk or service management modules)
    
• Cybersecurity or digital risk training is desirable.
  

Desired Work Experience

• 4–6 years’ experience in technology risk, digital risk, IT audit, cybersecurity, or operational risk within a bank or regulated institution.
  
• Demonstrated exposure in:
  • Digital banking platforms (mobile, internet, APIs)
    
  • Technology risk assessments and KRIs
    
  • Cyber and fraud risk collaboration with IT and Security teams
    
• Experience supporting digital product launches or system implementations is a strong advantage.
  

Key Competencies:

• Strong understanding of digital banking risk landscapes.
  
• Ability to evaluate technology controls and system risks.
  
• Data-driven risk analysis and reporting skills.
  
• Cross-functional collaboration skills.
  

Digital Risk Identification & Assessment

• Identify, assess, and document risks associated with digital banking platforms, mobile banking, APIs, fintech integrations, and automation initiatives.
  
• Conduct risk assessments for new digital products, system changes, and third-party digital partnerships prior to go-live.
  

Risk Controls & Mitigation

• Evaluate adequacy of controls addressing digital, cyber, fraud, data, and operational risks within digital channels.
  
• Work with Legal, IT, Cybersecurity, IT Risk, DPO, Operations, Project, Digital Financial Services, and Product teams to strengthen digital risks’ preventive and detective controls during pre and post implementation
  

• Support up-to-date Risk Control Self-Assessment (RCSA) with Functional teams to strengthen digital risks’ preventive and detective controls during pre and post implementation and identification and validation of the sample control tests.
  

Digital KRIs & Monitoring

• Develop and monitor Key Risk Indicators (KRIs) for digital risks (e.g., system availability, transaction failures, fraud attempts, authentication issues).
  
• Identify emerging digital risk trends and escalate breaches of thresholds.
  

Incident & Issue Management

• Support investigation of digital risk incidents, near misses, and system disruptions.
  
• Track remediation actions arising from digital risk events, audits, and inspections.
  

Governance & Reporting

• Prepare digital risk dashboards and reports for Management Risk Committee and Board Risk Committee.
  
• Provide input into ICAAP, Operational Risk Assessments, and enterprise-wide risk reporting relating to digital risks.
  

Risk Culture & Advisory

• Embed “risk-by-design” principles in digital product development.
  
• Provide ongoing risk advisory support to Digital Banking, IT, and Innovation teams.
  

PERFORMANCE OBJECTIVES

• Institutionalize digital risk assessment at product design stage.
  
• Reduce notable digital risk incidents year-on-year.
  
• Maintain robust digital controls commensurate with Bank’s risk appetite.