Cyber, Information and Data Security Risk Manager - Open Finance

About the Role

Open Finance is seeking a proactive and detail-oriented Cyber, Information and Data Security Risk Manager to support the development, implementation, and continuous enhancement of the organization’s risk management, compliance, and information security frameworks.

This role is critical to ensuring adherence to applicable regulatory requirements — particularly those relating to Open Finance, cybersecurity, and data protection — while strengthening the organization’s overall security and risk posture.

Key Responsibilities

• Develop, review, approve, and maintain a comprehensive suite of risk, compliance, and information security policies, including but not limited to:
• Cyber and Data Security
• Information Security
• Conduct Risk
• Outsourcing and Third-Party Risk
• TPP Oversight
• Operational Risk
• AML/CFT
• Develop, implement, and maintain information security policies, standards, and procedures, including oversight of the Security Incident Response Plan (SIRP).
• Establish and continuously enhance the Information Security Programme, ensuring alignment with the evolving threat landscape, regulatory requirements, and business operations.
• Develop and drive implementation of the Information Security Strategy and Operational Plans, including short-term (annual) and long-range initiatives.
• Implement and oversee the Vulnerability Management Program, including coordination of:
• Vulnerability assessments
• Penetration testing
• Security audits
• Relevant forensic/security investigations (where applicable)
• Ensure outcomes from security testing and assessments translate into measurable improvements in the organizations security posture.
• Ensure the compliance and risk framework effectively covers all relevant risk types, including:
• Cyber and information security risk
• Data protection risk
• Conduct risk
• API and technology risk
• Third-party/vendor risk
• Reputational risk
• Consumer protection risk
• Monitor compliance with applicable data protection and information security regulations, and internal policies relating to data handling, retention, protection, and minimization.
• Conduct risk and control assessments relating to cyber, technology, information security, outsourcing, and operational risk.
• Perform periodic security and data protection reviews/audits, preparing findings, risk ratings, and remediation plans.
• Stay abreast of:
• Emerging technologies
• Evolving cyber threats
• Information security risks
• Regulatory and supervisory developments and ensure timely updates to controls, policies, and security frameworks.
• Assess and understand the security implications of new technologies, establishing governance processes to ensure secure adoption and regulatory compliance.
• Collaborate closely with Technology, Information Security, Risk, and Compliance teams to identify, assess, and mitigate cyber and data-related risks.
• Support internal control testing, regulatory reviews, and audits, including remediation tracking and closure validation.
• Report key risk themes, control gaps, and remediation progress to Senior Management and Governance Committees.
• Support protection of critical systems and infrastructure, ensuring confidentiality, integrity, and availability, including systems supporting Open Finance and payment-related operations.

Qualifications & Experience

• Bachelor’s degree in Law, Finance, Risk Management, Compliance, or a related discipline.
• 3–6 years of experience in compliance, risk management, or regulatory roles, preferably within financial services, fintech, or Open Finance environments.
• Strong knowledge of regulatory requirements, data protection, cybersecurity, and risk management frameworks.
• Hands-on experience with audits, regulatory reporting, and policy development.
• Professional certifications (e.g., CAMS, CRCM, ICA, CISA) are considered an advantage.

Skills & Competencies

• Strong analytical, risk assessment, and problem-solving skills
• Excellent written and verbal communication abilities
• High attention to detail with strong documentation capabilities
• Ability to work effectively across functions and engage with senior stakeholders
• High ethical standards and strong awareness of confidentiality and data protection obligations