
Lead, GDAI - GPQ - Governance, Regulations and Protection MY

CIMB Group
1 day ago
Full-time
On-site
Malaysia
Description
  1. Establish First Line of Defense: Lead and maintain an effective governance and risk management program for the Group Data and AI (GDAI) division.
  2. Ensure Regulatory Compliance: Guarantee strict adherence to banking laws, PDPA, and internal policies by developing robust action plans to address control gaps.
  3. Enable Data & AI Innovation: Quantify and manage risks related to confidentiality and AI ethics to facilitate the safe execution of the Bank’s data strategies.
  4. Maintain Governance Frameworks: Assess and ensure the effectiveness of Privacy and AI frameworks through continuous monitoring and procedural updates.
  5. Third-Party Oversight: Evaluate the compliance of external Data Processors to ensure they meet the Bank’s standards for data protection and responsible AI use.

Scope of the Role
  1. Strategic Support: Assist the Head of Data & AI Governance in managing compliance risks across all covered legal entities.
  2. DPO Deputization: Support the Data Protection Officer (DPO) for Malaysian entities as required by the Personal Data Protection Act.
  3. Regulatory Liaison: Act as a key point of contact for external regulatory examinations and coordinate with RCS/RCU heads to resolve regulatory concerns.
  4. Consultation: Serve as the primary point of contact for bank-wide projects, ensuring all data and AI-driven initiatives undergo mandatory governance review.

Key Responsibilities

Drive strong Operational Risk Management practices

  1. Proactively manage risks within GDAI to reduce the frequency and impact of negative operational events.
  2. Promptly report and escalate identified risks to the appropriate RCU Head or DPO, ensuring they have full visibility into control effectiveness.
  3. Execute the Bank’s operational risk framework and tools in a robust, disciplined manner to achieve sound reporting practices.
  4. Partner actively with the Second Line of Defense (2LOD) to ensure optimal risk outcomes for the Group.
  5. Validate divisional frameworks, policies, and SOPs for accuracy and prepare governance papers for necessary updates.

Promote and maintain regulatory compliance

  1. Implement Group Compliance policies specifically relating to Data Management, Privacy, and AI functions.
  2. Provide mandatory bank-wide advisories to staff and project teams regarding Data Management, Personal Data Protection, and AI Governance to ensure "Compliance by Design."
  3. Act as the Subject Matter Expert (SME) for bank-wide consultation, providing formal advisories that translate complex regulatory requirements into actionable guidance for business units.
  4. Draft and operationalize divisional procedures to ensure Group-level policies are effectively translated into daily activities.
  5. Identify and monitor emerging compliance risks using tools such as RCSA, regulatory gap analysis, and CET.
  6. Review all regulatory correspondence and presentations for factual accuracy and ensure all deadlines and commitments are met.
  7. Evaluate business proposals and products to ensure full compliance with regulatory requirements and subsequent board-imposed conditions.
  8. Collaborate with RCS and RCU Heads to maintain and refresh the RCSA, ensuring all material and emerging risks are captured.
  9. Report regulatory breaches, perform deep-dive impact analysis (financial and non-financial) and track action plans to closure.
  10. Perform timely regulatory gap analysis for new legal requirements and ensure necessary controls are implemented.
  11. Plan and execute thematic reviews (if required) and scheduled or ad-hoc training and awareness sessions for the Bank to enhance the overall control environment.

Champion the Risk Culture

  1. Promote a strong risk-aware culture by applying technical knowledge of business products and data processes.
  2. Align tasks across the Three Lines of Defense (3LOD) to minimize execution gaps or overlaps.
  3. Facilitate effective communication and escalation models across various stakeholder groups.
  4. Analyze risk data for themes and trends, raising awareness of emerging industry risks.
  5. Where required, provide guidance and mentorship to RCU team members and control testers/DCOROs to ensure performance standards are met.

Employee Engagement and Development

  1. Comply with HR performance processes and meet all internal Risk Control Tester KPIs.
  2. Complete mandatory training to maintain a high-level understanding of evolving frameworks and systems.
  3. Participate in growth-oriented training to further develop specialized skills in risk and control management.
  4. Perform any other tasks as assigned by Management to support the evolving needs of the department.

Job Specification

Qualifications

(Basic Degree/Diploma etc)

  • A Bachelor’s Degree/Diploma in Information Technology, Computer Science or equivalent.
Professional Qualification and/or Regulatory, Licensing requirements
  • The following professional qualifications are advantageous:
  • Data/Technology: CISA, CDPSE, CRC, CIPP, CRISC, CISM, CISSP, CSX, AIGP
  • Compliance or Risk (ICA/CRC or regulatorily recognized accreditation)
Relevant Work Experience
  • Extensive experience with large-scale environments, including an in-depth understanding of IT and business applications and systems.
  • Minimum 10 years of work experience, preferably in an IT risk/audit/compliance-related role within the relevant business/function.
  • Good high-level knowledge of banking practices and products, and awareness of BNM policies/guidelines and other regulatory frameworks.

Required Competencies and Skills

Competencies/Skills

(Essential to succeed in this job)

  1. Excellent communication skills, both verbal and written.
  2. An understanding of risk drivers and the ability to articulate risk to non-risk personnel.
  3. Knowledgeable about the regulatory compliance and risk management aspects of data, technology, and privacy.
  4. Able to work autonomously.
  5. Demonstrated managerial, leadership and facilitation skills.
  6. Knowledge of banking processes.