Cyber and Data Risk Management Senior Manager

Prudential’s purpose is to be partners for every life and protectors for every future. Our purpose encourages everything we do by creating a culture in which diversity is celebrated and inclusion assured, for our people, customers, and partners. We provide a platform for our people to do their best work and make an impact to the business, and we support our people’s career ambitions. We pledge to make Prudential a place where you can Connect, Grow, and Succeed.

This role is to:
· Ensure the formation of LBU Technology Risk Management framework and the successful rollout and implementation within the LBU.
· Provide technical and best practice guidance on cyber & data protection risks taking into account specific platform and regional complexities and issues.
· Work closely with LBU operational risk management team in managing LBU cyber & data protection risks.
· Ensure the formation of the information and technology risk appetite and key risk metrics for management oversight and the successful rollout within the LBU.
· Proactively monitor LBU risk register and to escalate any potential risk area for Group level risk reporting
· Work closely with LBU ORM to review LBU risk register to ensure the risk rating, treatment plan and target completion date are able to reduce/ mitigate the risk in reasonable basis.
· Promote a risk culture to LBU stakeholders in managing cyber & data protection risks.

- Perform oversight of the security and privacy incident. Ensure proper escalation of incident as per LBU incident management process and group CSIRP. Review the recovery, remedial, and preventive action taken by 1st Line is effective in managing security and privacy incidents.

- Review the effectiveness, and completeness of the Risk and Control Self-Assessment (RCSA). Ensuring that risks are properly articulated, control are effective in ensuring risk are adequately managed. Performs control testing for key Technology and Privacy related risk as part of RCSA

- Review accuracy/ completeness of reporting, ensuring security and privacy risks are properly identified and articulated. Prepare and submit Technology Risk (which includes Cyber and Data Protection risks) update to LBU risk committee/ relevant forum. Collect data for KRI reporting

- Review BISG metrics trend and review the effectiveness of actions/ controls implemented by 1st line. Escalate overdue issues and gaps to senior management/ and Risk Committee where appropriate.

- Review the effectiveness of GwISP solution, overall implementation plan- e.g., timeline.

- Pre-audit review of effectiveness of controls (ideally should be on on-going basis). Review completeness of Issue Self- identified and Being Actioned by Management (ISBAM).

- Provide oversight on IT and security spending. Review ACR and PIR to ensure that objectives are met

- Review the completeness and effectiveness of the training and awareness session conducted by 1st line. Enhance TRM in1st line by conducting training/coaching.

- Review and ensure access (e.g., Cloud Storage, SFTP, RMD) are properly reviewed and approval is valid with proper business justification.

- Review the completeness and adequacy of the review performed by 1st line for PIA and SIT.

- Review the completeness and adequacy of the review performed by 1st line for TISQ.

- For DLP rules, review and ensure access are properly reviewed and approval is valid with proper business justification. Review DLP rules and effectiveness of DLP controls.

- Review the completeness and adequacy of documentation, controls, ensuring that risk is properly articulated, and controls are in place e.g., Risk and Materiality Assessment, Critical System Assessment, Cloud Risk Assessment, Could Consultation Presentation, Internet Insurance Attestation, etc.

Others:

- Proactively look for better ways to improve the effectiveness of the risk management activities.

- Other tasks to be assigned by the Line manager or CRO of Company’s management (if any).

Prudential is an equal opportunity employer. We provide equality of opportunity of benefits for all who apply and who perform work for our organisation irrespective of sex, race, age, ethnic origin, educational, social and cultural background, marital status, pregnancy and maternity, religion or belief, disability or part-time / fixed-term work, or any other status protected by applicable law. We encourage the same standards from our recruitment and third-party suppliers taking into account the context of grade, job and location. We also allow for reasonable adjustments to support people with individual physical or mental health requirements.