
Vice President, Technology and Information Risk Manager

Mizuho Bank
Full-time
On-site
Singapore
Mizuho Bank is seeking an experienced Technology and Information Security Risk professional to join a newly formed team to oversee and manage technology and information security risks for the Asia Pacific region.
 
The APAC Risk and Control function is responsible for managing the design and execution of technology and information security risk management across the APAC regional entity, branches and subsidiaries to ensure that the Bank is in full compliance with the relevant Head Office (HO) policies / standards, procedures (HOP) and local regulatory requirements, and maintain the desired risk profiles.
 
Reporting to the Section Head, Risk and Control, APAC, this role will support the functional strategy within the APAC Risk and Control team in governing adoption and consistent execution of the Technology Risk management frameworks, and in managing / maintaining the regional Technology and Information Security risk portfolio for Mizuho. Provide ‘hands-on’ support to enable the Regional CIO and CISO to manage their portfolio risk profiles and apply consistent risk management across APAC. Work with teams across the branches / subsidiaries to ensure processes and controls are maintained and accurate self-assessments are reported to the HO. Ensure transparency and appropriate escalation of material risks through relevant governance processes in line with the applicable risk management frameworks.

Job Responsibilities 

Risk Management
  • Support the management and operation of technology risk management frameworks, including applicable policies, standards and procedures, which are adopted / run / overseen as part of the APAC Risk and Control function portfolio, in alignment with the Bank’s risk appetites
  • Support the consistent embedding of technology and information security risk management practices by enabling and educating branches / subsidiaries as required
  • Support the coordination and facilitation of engagements with all APAC Technology and Information Security teams as well as other stakeholders, including Japan HO, Operational Risk, Compliance and Internal Audit
  • Provide branch/subsidiary risk and governance reporting support for regional governance and oversight activities
Risk Identification, Assessment and Evaluation 
  • Operate and improve the existing technology risk management frameworks and their supporting processes / procedures
  • Support the establishment of a mechanism / process to identify, assess and evaluate control risk to enable execution of the Technology and Information Security risk management strategy across the branches / subsidiaries
  • Work with Head Office to review the appropriateness of process design, keeping standardization, control, client service and simplicity at the root of all processes
  • Work with relevant process owners and other control teams, including local country teams, to analyze root cause of any major incidents and identify failure points in controls and processes, as well as to support gap mitigation
  • Assess and evaluate operational risk events and provide challenge for root cause and remedial actions
  • Ensure regular reviews of risk items for trends and themes
Risk Response
  • Support appropriate risk responses in branches / subsidiaries to ensure that technology risk factors and events are addressed in a cost-effective manner and in line with business objectives
  • Evaluate risk response options for efficiency, effectiveness and economy, and support branch/subsidiary management for informed decision making
  • Ensure that all material risks identified are addressed within an appropriate timeframe
Risk and Control Monitoring
  • Monitor risk and communicate information to the relevant stakeholders to ensure the continued effectiveness of the Technology and Information Security risk management strategy
  • Collect and validate, in a timely manner, data that measure KRIs and branch/subsidiary management activities
  • Facilitate independent risk assessments and reviews of risk management processes to ensure they are performed efficiently and effectively
  • Identify and report on risk, including non-compliance, to initiate corrective action and meet business and regulatory requirements. Ensure legal and regulatory requirements (e.g., HKMA SPMs, MAS TRMG, etc.) are sufficiently met through controls and processes in the Bank
  • Support and manage control performance of technology and information security related controls in branches / subsidiaries to ensure they function effectively and efficiently
  • Collect information and review documentation to identify control deficiencies
  • Review policies, standards and procedures to verify that they address the Bank’s internal and external requirements
  • Maintain sufficient, adequate evidence to support conclusions on the existence and operating effectiveness of technology and information security controls
Risk Governance
  • Constantly seek to provide improvement suggestions to raise the benchmark on information provided by Branches / Subsidiaries to raise risk awareness and improve controls
  • Support the production of regular trend analysis of key indicator exceptions, and identify systemic failures
  • Assist branches / subsidiaries with the technology risk acceptance process in line with the relevant risk management frameworks and HO governance process
  • Conduct trainings to improve awareness of APAC Risk and Control requirements and activities, including cyber awareness, known industry standards and other good control practices




Job Requirements 
  • Bachelor’s Degree in Computer Science, Software Engineering, Business Management, Accounting or related field
  • Minimum of 11 years of experience in the financial banking industries focused on technology operational risk (IT Service Management areas) and/or technology and information security risk related control or audit functions
  • Hands-on, demonstrable experience in the Risk and Control first line of defense
  • Team leadership / management experience across geographies is preferred
  • Regarded as an SME in the field and familiar with regulatory drivers and compliance
  • Deep technical knowledge and understanding of technology operating within financial institutions
  • Experience in designing / defining controls and control monitors (KCI/KRI) as well as KCSA or RCSA process
  • Experience in managing vendors and resource planning to achieve delivery end results through execution of the functional strategy
  • Relevant professional certifications (e.g. PMP, ITIL, COBIT, CISSP, CRISC, CISA, CISM, CGEIT and CDPSE)
  • Solid understanding of various Asia regulatory requirements (e.g. HKMA SPMs and MAS TRMG) and industry standards (e.g. COBIT and NIST)


Mizuho Bank, Ltd. is a subsidiary of the Japan-based Mizuho FG, Inc. (listed on the Tokyo Stock Exchange and NYSE) and is one of the largest financial services companies in the world. Mizuho Bank, Ltd. provides financial and strategic solutions for the increasingly diverse and sophisticated needs of its clients with offices located in all the major cities of the world such as Tokyo, New York, London, Hong Kong and Singapore.