Overview
The Singapore Exchange Group (SGX) owns and operates the only integrated securities exchange and derivatives exchange in Singapore and their related clearing houses. The securities exchange was the first fully electronic and floorless exchange in Asia. SGX serves a wide array of international and domestic investors and end users, including many of the world’s largest financial institutions, and have been among the most innovative exchanges in the world in technological and new product development. Therefore, the ability to prepare for contingencies and to mitigate against them, is of utmost importance to SGX.
The Enterprise Risk (ER) team has overall responsibility for enabling the organization to identify, assess and manage risks in the face of uncertainty, and is integral to its value creation and preservation. ER Team reports into Head, Enterprise Risk and has oversight across all SGX functions and subsidiaries.
As the AVP of Enterprise Risk with a Technology/Cyber related focus, you will play a critical role in safeguarding and enhancing the technological resilience and security of SGX. This role will work closely with various departments to ensure the effective management of technology-related risks.
The role requires an individual with high commitment, organization skills and the ability to handle stress in a fast paced and everchanging environment. An individual that thrives on challenges, with a goal of achievement and success will be suitable for the role.
Responsibilities:
Compliance and Regulations
· Stay updated on industry regulations, compliance standards, and best practices related to technology risk management. Monitors potential threats and informs and advises the organization.
· Perform risk assessment from regulatory developments and industry mandates and communicate the risk vision and objectives to various groups to drive the alignment of risk’s policies or procedures.
· Oversee, develop and implement improvements and efficiencies in the various Enterprise Risk Management Program, including but not limited to Risk Self-Assessment (RSA), Control Self-Assessment (CSA), Incident Management, Business Continuity Management, Outsourcing and etc.
Technology Risk Assessment and Monitoring
· Maintain, review and update Technology Risk Appetite statements for the organization, develop and update relevant Key Technology Risk Indicators and thresholds for effective monitoring.
· Conduct comprehensive risk assessments of SGX’s technology infrastructure, systems, and processes.
· Conduct presentations and workshops for risk identification and migration. Work with the business units to identify, assess, document and regularly review risks of all risk types and guide and support the business to design and implement controls.
· Challenge and assess the first line’s risk management activities including identification of vulnerabilities and threats, risk assessment of likelihood and impacts on the business.
· Communicate risk findings and recommendations effectively.
· Ensure timely development and implementation risk mitigation strategies and action plans by the 1st line functions to proactively address technology-related risks, ensuring business continuity and data security.
· Establish and develop meaningful technology risk dashboard and monitor technology related risks against limits and thresholds and work with risk owners/group risk team to resolve them within set timeline.
· Prepare and present regular reports on technology-related risks to management when needed
· Constantly develop and maintain risk tools and systems.
Risk Awareness Training
· Responsible fordirecting, raising risk awareness and create a desired risk culture across the organization.
· Work with relevant technology team to enhance and oversee the implementation of cyber security awareness training programs for employees to enhance cybersecurity awareness and compliance.
