Job Description

The Risk and Audit Manager for Technology is responsible for developing and implementing risk management and audit programs to ensure the security, compliance, and resilience of our technology infrastructure.


He/She will be the main point person in the conduct of any risk/audit assessment of the Technology Team. He/She will also be appointed as DCORO for Technology.


Risk Management:

• Conduct comprehensive risk assessments of technology systems, identifying potential vulnerabilities and threats.

• Develop and implement risk mitigation strategies and action plans.

• Collaborate with technology leaders to integrate risk management into project planning and execution.


Audit Planning and Execution:

• Develop and maintain an annual technology audit plan in alignment with organizational objectives and regulatory requirements.

• Conduct self/internal audits of technology processes, controls, and systems.

• Coordinate and liaise with internal audit and external audit firms as needed.


Compliance Assurance:

• Ensure technology operations comply with relevant laws, regulations, and industry standards.

• Stay abreast of changes in regulatory requirements and update policies and procedures accordingly.

• Develop and deliver compliance training to technology teams.


Incident Response and Continuity Planning:

• Collaborate with the technology and security teams to develop and implement incident response plans.

• Participate in post-incident reviews and identify areas for improvement.

• Contribute to the development and testing of business continuity and disaster recovery plans.


Documentation and Reporting:

• Maintain accurate and up-to-date documentation of risk assessments, audit findings, and remediation plans.

• Prepare and present reports to technology leadership and other relevant stakeholders.

• Track and report on the status of risk management and audit initiatives.


  • Advanced certifications such as CISA, CISSP, or CRISC are a plus.
  • Proven experience (> 5 years) in risk management, internal audit, or a related field within the technology sector.
  • In-depth knowledge of technology risk, cybersecurity, and regulatory compliance.
  • Strong analytical and problem-solving skills.
  • Excellent communication and interpersonal skills.
  • Familiarity with industry frameworks and standards (ISO 27001, NIST, etc.).
