Provide exceptional support and advice to all stakeholders in:
- Technology Risk Advice and Guidance: Provide risk, control and compliance advice to stakeholders at all levels;
- Policy and Framework Implementation: Provide support in implementing the Group/MAS technology risk framework and policy requirements;
- Risk Profiling: Facilitate the identification and assessment of risks and controls. Facilitate regular reviews and updates to established risk profiles based on trigger events;
- Controls: Assist Technology to design, assess and measure a control environment that mitigates the risks, meets regulatory obligations, and complies with internal policies;
- Incident Management: Provide guidance and support in performing incident root cause analysis and identifying control breakdowns for technology-related incidents;
- Key indicator and trend analysis: Implement risk & control data analytics. Define and build KRI reporting to support effective risk reporting;
- Reporting: Provide regular reporting to Board and senior management on technology risk and security matters;
- Project Risk: Provide risk advice on major Technology and Business initiatives to ensure that Group/MAS Security requirements are met, and the appropriate controls are implemented;
- Training and Awareness: Increase Technology Risk awareness and enhance risk culture across the organization via regular training sessions;
- Regulatory and Audit Engagements: Assist with IT related regulatory inspections and internal/external audits.
WHAT WE ARE LOOKING FOR
You possess a can-do attitude and exceptional communication skills for this highly visible role. You will also:
- Possess 10+ years of technology risk management experience, preferably in the insurance or financial services sector, and hold a Bachelor's or Master's degree in Information Technology, Risk Management or related disciplines;
- Have a solid understanding of current/emerging enterprise technology (e.g. cloud, DevOps) and security regulations, frameworks, standards and controls;
- Ideally have hands-on data analytics expertise to enable deep analysis and proactive identification of emerging risk and control issues;
- Hold relevant certifications (essential), e.g. Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC);
- Knowledge of relevant programming languages / tool sets such as Python, PowerBI, Office 365 etc. and experience in first-line technical roles such as developer, programmer, architect, software engineer or data analyst will be an advantage.