ICT & Operational Risk Manager

TL;DR

ICT & Operational Risk Manager (Cybersecurity): Lead end-to-end ICT risk reporting cycle and implementation of risk frameworks across Asia with an accent on cyber risk quantification, analysis, and stakeholder engagement. Focus on interpreting evolving digital and cyber risk requirements, conducting deep-dive analyses, and ensuring high-quality reporting aligned to global standards.

Location: On-site in Kuala Lumpur, supporting Asia business across Hong Kong and multiple markets

Company

A leading global insurer focused on Asia business.

What you will do

• Lead end-to-end ICT risk reporting, including monthly monitoring and quarterly deliverables
• Support implementation and enhancement of ICT risk frameworks across Asia
• Drive regional initiatives like cyber risk quantification and analysis
• Partner with Group and regional stakeholders to interpret digital and cyber risk requirements
• Work with local risk teams for accurate, timely reporting aligned to global standards
• Provide challenge and guidance to improve risk assessments and conduct thematic reviews
• Contribute to operational risk activities and enterprise-wide assessments

Requirements

• 5+ years in operational, ICT, digital, or cyber risk, ideally in financial services or insurance
• Experience in regional or multinational environments, engaging stakeholders across countries
• Strong understanding of technology and cyber risk frameworks, controls, and mitigation
• Excellent analytical skills to interpret complex data and identify trends
• Confident communication to simplify topics for senior stakeholders
• Proactive and self-driven in fast-paced environments

Nice to have

• Familiarity with ISO 31000, ISO 27001, COBIT, ITIL
• Exposure to cloud transformation, AI, or digital initiatives
• Certifications like CISA, CISM, CRISC, CGEIT, ITIL, ISO 27001
• Experience in enterprise risk management and assessments