Hwee Yoong Kuan

Kuala Lumpur

Summary

Senior banking and assurance professional with over 25 years of experience across the three lines of defence, combining deep expertise in banking system development, IT audit, risk management, and regulatory compliance. Proven track record in loan system SDLC, audit execution, PCI DSS assessment, and regional stakeholder engagement across the Asia-Pacific. Brings a unique blend of technical, audit, and business knowledge, with strong interpersonal skills and the ability to work effectively across all organizational levels.

PROFESSIONAL CERTIFICATIONS
* Certified Information Systems Auditor (CISA), qualified 2013
* Certificate in Internal Auditing for Financial Institutions (CIAFIN), qualified 2014

Overview

26 years of professional experience
1 Certification

Work History

Technology Governance and Assurance

United Overseas Bank (Malaysia) Bhd
Kuala Lumpur, Malaysia
08.2021 - Current
  • As Technology Governance Assurance Manager, manage IT governance to ensure compliance with the Bank’s policies, framework, standards, procedures, and regulatory and legal requirements.
  • Conducted periodic reviews of IT processes and controls to ensure governance and compliance with policies, framework, standards, procedures, and requirements.
  • Planned, led, and conducted reviews of IT processes and operations to assess effectiveness and highlight potential risks, gaps, and improvement opportunities.
  • Lead, direct and perform assessment of practices and standard operating procedures of IT support units.
  • Conduct outsourcing risk assessments to ensure agreed levels of IT risk.
  • Review and advise IT support units on correspondence and updates with external parties.
  • Liaise with internal, external and regulatory bodies to review queries and responses.
  • Tracked and followed up on audit issues to ensure timely resolution and compliance with committed timelines.
  • Conducted and facilitated awareness training programs.

IT Risk Officer

CHINA CONSTRUCTION BANK (MALAYSIA) BERHAD
Kuala Lumpur, Wilayah Persekutuan
07.2018 - 08.2021

Ensure that risk-taking activities remain within the approved risk appetites and are consistent with the risk strategies. This includes, but is not limited to, implementing the Technology Risk Management Framework and Cyber Resilience Framework, providing oversight of cyber risk management, and playing an advisory role on critical technology projects, including escalating issues in a timely manner.

  • Planning, developing, implementing and reviewing the technology risk management policies, framework and procedures (including internal control systems) in a timely manner to ensure the Bank complies with the relevant risk management requirements set by the regulators.
  • Formulating and facilitating effective implementation of Technology Risk Management Framework and Cyber Resilience Framework.
  • Monitored developments in technology risk management landscape, updating and proposing mitigation measures to management for emerging technology/cyber risks.
  • Establish robust processes for the systematic collection and analysis of relevant IT security incidents.
  • Coordinated and compiled periodic reports on IT security management to inform Management and Board of the Bank’s overall risk status. Recommended and implemented timely risk mitigation measures.
  • Perform independent technology risk assessment on new products or system proposals.
  • Enforcing compliance with the enterprise-wide technology risk management and other technology-related regulatory requirements.
  • Ensuring information assets and technologies are adequately protected.
  • Completed ad-hoc assignments and additional duties as directed by the department head and senior management.
  • Monitor and report IT risk management and risk control status of the bank.
  • Participate in IT projects and initiatives to bring pro-active risk management focus into solutions.
  • Assumed role of Business Continuity Management (BCM) Manager, creating and executing contingency plans to effectively manage crises.

KEY ACCOMPLISHMENTS:

1) Organized and conducted IT risk assessments and gap analyses for the bank:

  • Conducted risk assessment of SWIFT customer security controls framework to identify vulnerabilities.
  • Performed gap analysis on BNM's Risk Management in Technology to identify deficiencies.
  • Conducted an independent assessment of the “Guidelines on Cyber Resilience for Participants of PayNet’s Services”.
  • Conducted BNM survey on data management and MIS practices to evaluate compliance.
  • Establishment of Technology Risk Management Framework and Cyber Resilience Framework
  • Material Risk Assessment
  • Risk Assessment of Managing e-Banking Risks
  • Completed the assignments within the given deadlines, including incorporating measures to address any inadequacies and the proposed action plans. Prepared the RMC (Risk Management Committee) papers for review and recommendation to the CEO, and thereafter to the Board Risk Management Committee (BRMC) and Board of Directors (BOD) for notation/approval, followed by submission to BNM and PayNet.

2) Project manager role on RMD visualization tool “Qlik Analytics Platform” project. Project management in development of an analytics tool to assist the division in driving data literacy and to get better flexibility with a data analytics platform.

3) Review IT policies, standards and procedures to verify that they address the organization's internal and external risk management requirements.

4) Design and implement IT risk management controls in alignment with the bank’s risk appetite and tolerance levels to support business objectives, such as:

  • Established Complaints Handling to handle disputed transactions highlighted in the Risk Assessment relating to BNM’s Circular on Managing Risks of Electronic Banking, Direct Debit and Risks Associated with Payment Instruments.
  • Compiled monthly risk metrics to report on system availability for critical systems.
  • The Board approved the Technology Risk Management Framework (TRMF) and Cyber Resilience Framework (CRF), effective immediately, and monitored them closely on a continuous basis.
  • Established Incident response and Crisis Management Framework
  • Participation and involvement in Digital Banking Projects: E-money and Merchant Acquiring Applications, Cloud Computing Security Framework, DLP Project, BNM Enforcement Undertaking Disaster Recovery centre preparation team etc

5) Assumed the role of Business Continuity Management (BCM) Manager, with the corresponding responsibilities, by carrying out the following activities:

  • Revision of Critical Business Function (CBF) has been carried out and the results are presented to the Risk Management Committee (RMC) for deliberation and onward submission to Board Risk Management Committee (BRMC) and Board of Directors (BOD) meeting for Notation.
  • Annual review of Business Continuity Plan (BCP) and Business Continuity Management Policy. Result presented to RMC, BRMC and BOD meeting.
  • Bank wide briefing has been conducted to provide guidance to all staff on the objectives and methodologies of performing BIA and RA assessment.
  • Conduct Annual BCP Exercise and annual BCP call tree test. Result presented to RMC, BRMC and BOD meeting.
  • Conducted Business Impact Analysis (BIA) and Risk Assessment (RA) Exercise and the results presented to RMC, BRMC and BOD meeting.
  • Performed risk assessment and preparedness for the COVID-19 outbreak. A Crisis Management Meeting involving the crisis management committee and all Heads of Division was convened to brief on the results of the risk assessment and recommend the proposed business continuity strategies for a pandemic outbreak. Executed BCP simulation exercises on the scenarios “Preparedness for pandemic”, “PayNet’s Participant’s DR capability” and “Preparedness for a prolonged business interruption” to help staff better understand and prepare for the pandemic scenario.
  • Established Enhanced CCBM Precautionary Measures, Enhanced Guideline for COVID-19, Guideline for Virtual Private Network (VPN) usage

IT Auditor

United Overseas Bank (Malaysia) Bhd
Kuala Lumpur, Wilayah Persekutuan
04.2010 - 07.2018
  • Completed IT audit assignments including planning the audit work, developing the audit program, documenting progress, work papers, findings and reports, organizing meetings.
  • Analyzed adequacy, reliability, and compliance of internal control systems.
  • Identified risks and controls for new, changed, and existing processes to enhance overall risk management.
  • Identified control design gaps for new, changed and existing processes.
  • Administered continuous audits to evaluate the effectiveness of controls.
  • Prepared audit scopes, reported findings, presented actionable recommendations, and coordinated with departments to develop remediation plans for identified deficiencies.
  • Deployed data analytics to improve audit quality and productivity.
  • Created audit presentations and prepared clear reports of findings.
  • Collected relevant information through interviews and document inspections.
  • Highlighted significant achievements in auditing.
  • Global Data Center Audit
  • Outsourcing Cheque Book and statement printing audit
  • Global AS400 Security Audit
  • Audit of Global Markets (GM) and Related Middle and Back Office Functions
  • Global Business Banking Data Analytics Projects
  • Credit Related Audit (Loans, Collateral, Document tracking system, NPL, Collection system)
  • Core Banking system (CASA, FD, BWCIF)
  • Remittance Origination System (ROS)
  • Finance of International Trade Automated System (FITAS)
  • Internet Banking System (PIB, BIB and PayOnline) - Assignment on Business Internet Banking
  • Credit Card System (FINANS)
  • Payment Card Industry (PCI) Data Security Standard (DSS) Assessment
  • BNM eSPICK and MyClear Compliance Audit
  • Data Warehouse System (DWH)
  • Cash & Cheque Deposit Machines (CDM & ESM) System
  • RENTAS and SWIFT
  • Visa PIN Security and Key Management Compliance program
  • Call Centre Audit (CRM, Interactive Voice Response, NICE, CMS)
  • Branch Transformation Data Analytics projects
  • Witness Pin Gen for credit card mailer, PIB/BIB Pin Generation
  • Generation of reports for General audit
  • Developing audit program and extraction of data for investigation purpose
  • Business Internet Banking token initialization exercise
  • BIB token initialization exercise
  • Renewal of Visa and Master Credit Card key generation
  • Monthly Follow-Up
  • Data Analysis using ACL and AS400 Query analytic tools.

Software Engineer

Silverlake System Sdn Bhd
Kuala Lumpur, Wilayah Persekutuan
03.2000 - 03.2010

Outlined key duties and functions.

  • Lead and mentor a team of Analyst Programmers and Software Engineers
  • Directed and coordinated team efforts in developing, testing, installing, and modifying programs to meet project objectives.
  • Managed and coordinated communication with customers and vendors to gather and clarify business, application, and system requirements.
  • Conducted user requirements study and gap analysis, preparing functional specifications to guide development.
  • Develop and implement architectural design and system standards
  • Analyze changes and impact on existing applications
  • Study existing information processing systems to evaluate effectiveness and develop new systems
  • Prepare test scenarios and test scripts according to user requirements
  • Acquired specialized knowledge in Loans Module and Customer Information Module.
  • Acquired experience in AS400 environments, including RPGLE, RPG, SQL, QUERY, and CLLE.

Highlighted significant achievements in projects.

1) Year 2000, Project: CIMB
Role: Team Member (Datawarehouse)
Responsibility: Supervised the Credit Liability System of CIF and participated in data warehousing to generate the multi-dimensional database tables the site called “CUBES” and analyst management reports.

2) Year 2000/2001, Project: Bank Tabungan Indonesia (BTN), Indonesia
Role: Team Member (CBAS - Loan Module)
Responsibility: Implementation using Visual Basic software for front-end screen design and the AS400 CBAS as back-end host.

3) Year 2001/2003, Project: Bank Mandiri, Indonesia
Role: Team Member (MBAS, Batch Processing - Loan Module)
Responsibility: Strategic development and implementation of the loan module; provided comprehensive system support, configuration, maintenance, and training for users.

4) Year 2003/2004, Project: ICBV, Vietnam
Role: Team Member (Host Batch Core Banking - Loan Module)
Responsibility: Supervised junior staff on problem solving and handling error logs, assisted bank users with testing (UAT), and provided comprehensive system support, configuration, maintenance, and training for bank users.

5) Year 2004/2005, Project: Qingdao City Commercial Bank (QDCCB), China
Role: Conversion Team Lead (Core Banking - Loan Module)
Responsibility: Strategic development; promoted to mentor; handled discussions on file mapping and supervised bank users on conversion issues.

6) Year 2005, Project: People’s Bank of Sri Lanka
Role: Team Member (Core Banking - Loan Module)
Responsibility: Participated in Functional Gap Study.

7) Year 2006/2007, Project: Permata Bank, Indonesia
Role: Team Lead (Core Banking Monetary System - Loan Module)
Responsibility: Participated in Functional Gap Study.

8) Year 2007, Project: Bank Bumiputera, Indonesia
Role: Team Leader (Core Banking - Loan Module)
Responsibility: Strategic development and project implementation.

9) Year 2008 until 2010, Project: Bank Hong Leong KL
Role: Team Leader (Loan Origination System)
Responsibility: Design, workflow, architecture, strategic development and implementation of the loan origination system (Corporate and Consumer).

Education

Bachelor's Degree - Bachelor's Degree in Engineering (Computer/Telecommunication)

Campbell University
Buies Creek, North Carolina 27506, USA
2000

Diploma of Higher Education - Advanced/Higher/Graduate Diploma in Computer Science

Tunku Abdul Rahman University
Kuala Lumpur
2000

Skills

  • IT governance
  • Risk assessment
  • Compliance management
  • Cybersecurity strategy

Languages

English: Advanced (C1)
Chinese (Mandarin): Advanced (C1)
Chinese (Cantonese): Advanced (C1)
Malay: Upper Intermediate (B2)

Certification

PROFESSIONAL CERTIFICATIONS
* Certified Information Systems Auditor (CISA), qualified 2013
* Certificate in Internal Auditing for Financial Institutions (CIAFIN), qualified 2014

Accomplishments

Key Achievement in 2025

1. Audit Coordination and Delivery Excellence

· Successfully coordinated multiple internal and external audits, including the EY Annual IT Audit, PCI DSS Gap Analysis, and thematic review by BNM.

· Ensured timely submission of key deliverables such as the ROC and AOC to Visa, and facilitated smooth communication between T&O, IA, and external parties.

2. Assurance Review Leadership

· Led and contributed to assurance reviews covering critical areas such as Application System Development, Incident Analysis, Capacity & Performance Management and PayNet Cyber Resilience self-assessment.

· Delivered comprehensive reports with actionable insights and followed up on identified gaps on schedule.

3. Regulatory and Risk Reporting

· Prepared the 2025 Technology KORI and Key Risk Indicators report in alignment with BNM’s Operational Risk Reporting requirements.

· Supported BNM’s thematic assessments and annual confirmations related to third-party and outsourcing risk.

4. Data Analytics and Use Case Development

· Applied data analytics to enhance assurance review processes and reporting, contributing to more informed decision-making and risk visibility.

5. Training and Development

· Actively participated in internal and external training sessions, including cybersecurity certification, risk management briefings, and e-learning modules, achieving 100% pass rate for Tech staff.

6. Collaboration and Stakeholder Engagement

· Built strong working relationships across departments, consistently supporting control functions and fostering teamwork within and beyond TOGA.
