Responsibilities:
- Oversee the effective implementation of the IT Security Risk framework and Global Technology (GT) governance routines and requirements, using established tools and documented procedures. This includes documentation to enable tracking, monitoring, and escalation of technology risk related issues to management, and acting as an ambassador of the risk culture.
- Assess regulatory (e.g. MAS, HKMA, CBRC, OJK, RBI, etc.) changes impacting technology and operations and drive the related risk mitigation program with required stakeholders. Manage regulatory relationships, where relevant.
- Work with Application Managers, Enterprise Control functions and COOs across the lines of business to ensure that IT Security Risk and Control gaps are identified and remediated.
- Manage senior stakeholder communication and reporting
- Develop and socialize potential risk mitigation strategies
- Drive risk engagement & management and issue identification, in particular E2E risk management, which includes ERP, RCSA, eRIC, SIAI, JDI, AIAI, RIAI, etc.
- Drive QA (Quality Assurance) testing, Business Continuity for applications, Sustainability Program and new toolset adoption with JIRA for Risk management.
- Foster the Identify, Escalate, Debate risk culture
- Identify opportunities for enhancing or streamlining execution of risk management processes; partner across multiple divisions to execute.
- Collaborate across the GCIBT application groups, Risk Leads and enterprise process owners (including Global Information Security) to respond to Internal and External Audits, Exams, and Regulatory/Clearing Inquiries & Assessments.
- Quality assurance and Global Information Security related findings program oversight
- Assist business and process owners with remediating the most significant risks including Audit Issues, Self-Identified Audit Issues, Compliance Identified Audit Issues, Regulatory Issues
- Practice and promote good risk culture and risk management within GCIBT, leading participation in technology risk activities.
Requirements:
- Bachelor's or Master's degree in Engineering, Computer Science, Information Technology or related studies.
- At least 8 to 15 years of experience in IT Security risk management and audit, preferably in the Banking/FI domain. Must have relevant experience in executing Risk initiatives within a tech risk function, compliance or technology audit role.
- Knowledge of Singapore MAS and APAC Banking/FI domain regulations & understanding of regulatory risk management preferred. Experience in leading IT programs for proactively identifying regulatory risk exposure and potential non-compliant areas.
- IT Security industry certifications (e.g. CISA, CISM, COBIT Foundation, etc.) preferred.
Certifications (Added Advantage):
- Certified in Cybersecurity
- Certified Payment Security Practitioner (CPSP)