Chief Manager – Technology Risk
About the company
People’s Bank is a premier bank in Sri Lanka with the largest customer base, and has provided innovative financial solutions to its diversified clientele for over six decades. As a conducive environment for those who strive to achieve excellence and believe in professionalism, the bank is looking for a talented and dynamic individual to fill the following position.
Responsibilities
The duties and responsibilities relevant to the position of chief manager – technology risk include, among others:
Planning & reporting
- Develop, establish, and implement policies and frameworks for IT security and risk management.
- Monitor, analyze, and report information related safety and security measures of the bank.
- Prepare reports related to technology risk to board & management committees as required by DGM – risk management.
Leadership and management
- Perform/monitor technology risk assessments, including analyzing, identifying, describing, and quantifying technology risks that impact all business operations of the bank.
- Review technology risk-related disaster recovery procedures and prepare technology risk management plans to facilitate the bank’s business continuity plan.
- Monitor and analyze technology risk-related security alerts.
- Implement and periodically review the risk and control self-assessment (RCSA) process for information technology and information security-related services, including third-party service providers.
- Conduct risk and control self-assessment (RCSA) processes quarterly for information technology and information security-related services.
- Establish/review/monitor key risk indicators related to technology risk management.
- Design and establish a comprehensive technology risk management process in line with CBSL direction no. 16 of 2021 and its addendums.
- Ensure compliance with CBSL direction no. 16 of 2021 and its addendums.
- Periodically check the achievement of action plans relevant to technology risk management.
- Assist senior management by aligning technology risk initiatives with business objectives.
- Assess and report reputational risk-related incidents derived from technology risks and take/recommend mitigation actions to manage reputational/financial losses.
- Represent risk management department in management committees.
- Conduct IT-related awareness sessions for bank staff.
- Coordinate with information security department, information technology department, digital unit, data protection unit, regulators, external and internal auditors.
- Prepare and implement strategic plans for information technology unit on an ongoing basis.
Market scoping, business development & brand positioning
- Analyze technology risks at the time of introducing new technology-driven products or services to the bank and report IT vulnerabilities and mitigating measures.
- Review key IT projects regarding their technology risks.
Relationship, stakeholder and key account management
- Maintain relationships with ISO unit, IT department, and internal audit department.
- Develop and maintain good communication channels with other risk partners such as enterprise risk management, operational risk management, etc.
- Create and maintain an external network with other senior IT risk managers and relevant risk forums.
Eligibility requirements
- Should be a citizen of Sri Lanka.
Academic / professional qualifications
Candidates should possess one of the following qualifications:
- (ISC)² certified information systems security professional (CISSP)
- GIAC information security professional (GISP)
- ISACA certified information security manager (CISM)
- ISACA certified in risk and information systems control (CRISC)
- Master’s degree in information security or master’s degree in computer science/information technology specializing in information security.
And
- Applicants possessing an eligible professional qualification must complete CPD requirements of the relevant professional qualification or 20 CPD hours annually.
Role-specific competencies
- Knowledge of technology risk management, including cyber security.
- Technical knowledge of IT systems and digital products used by the bank.
- Communication skills, including technology risk-related presentations.
- Comply with regulatory qualifications decided by CBSL from time to time.
- Ability to increase awareness, provide education and training to employees inside the organization.
- Proper understanding of new technology developments and possible technology threats.
- Ability to analyze information security measurements of the bank and re-engineering.
Experience
- Minimum one-year managerial level experience in a licensed commercial bank or licensed non-bank financial institution.
- Should be able to implement and operate regulatory requirements, the bank’s policies and market best practices within the bank by giving leadership to the technology risk unit – risk management department, and ensure full compliance with technology risk / cybersecurity risk requirements in relation to the entire operations of the bank, including operations conducted through agents and third-party service providers.
Age
- Preferably below 50 years of age as at the closing date of applications.
Method of selection
Shortlisted applicants based on the stipulated qualifications and experience will be called for an interview.
Conditions of employment
The position of chief manager – technology risk is equivalent to the grade of chief manager (grade I) in the bank. The appointment will be made on a contract basis and performance will be evaluated annually.
Remuneration
An attractive and negotiable remuneration package commensurate with qualifications and experience will be offered to the selected candidate.
When applying
Applicants are instructed to fill in the application form on the career page of the People’s Bank website and send the duly filled application along with a curriculum vitae and other necessary supporting documents (should be less than 2 MB). The post applied for should be stated in the subject line of the email, which should reach the email address [email protected] on or before 18.05.2026.
An email confirmation of receipt will be sent upon the receipt of the application. In the event a confirmation has not been received within a reasonable period of time, you may inquire regarding the application on telephone numbers 011 3741420/011 3741421.
All applications will be treated in strict confidentiality and any form of canvassing will be regarded as a disqualification. All incomplete and non-complying applications will be rejected.
The bank reserves the right to decide the number of vacancies, postponement or cancellation of recruitment or on any other information not included in the advertisement.
