Tech Risk and Control Specialist
About The Company
Sing Investments & Finance Limited has more than 50 years of lending experience in the financing arena in Singapore. Our core activities include the acceptance of fixed and saving deposits from the public as well as the provision of loans and credit facilities to individuals and corporations, particularly the Small and Medium Enterprises (SMEs) in Singapore. The relationships that have been built over the years have earned us the reputation as one of Singapore's trusted finance companies. We are seeking dynamic individuals to grow with us and to continue building relationships with our valued customers.
We are looking for a dynamic and experienced Technology Risk and Control Specialist to join the RMD team. You will be instrumental in driving IT risk management initiatives including risk governance, internal & external audits and external attestations.
Responsibilities:
- Accountable for managing internal, external and regulatory reviews/audits from audit planning.
- Assess MAS regulatory changes impacting the technology platforms and drive risk mitigation programs with stakeholders.
- Review risk findings with stakeholders to determine management actions, and be responsible for monitoring and validating the closure of those actions.
- Engage and collaborate with the IT department to proactively identify risks at a detailed technical level and drive remediation plans to ensure that identified risks are effectively mitigated.
- Manage risk- and security-related process improvements and quality programs.
- Perform procedure reviews to ensure compliance with IT security standards.
- Provide technical expertise for process improvement and quality assurance.
- Provide timely and periodic updates to the RMC on risk and security matters.
- Communicate and provide guidance on new IT risk policies.
- Investigate any security breaches and assess their damage.
- Keep up to date with developments in IT security standards and threats.
Requirements:
- Degree holder
- Must possess one of the following relevant certifications: Certified Information Systems Security Professional (CISSP), ISO 27001 Information security management systems, Certified Information Systems Auditor (CISA) or Certified Information Security Manager (CISM).
- Experience in identifying, assessing and advising on technology risks.
- Excellent organizational, problem solving, interpersonal and operating skills to effectively drive the IT Risk working committee agenda with the IT department.
- Have a strong control and process management mindset, constantly paying attention to detail, with the ability to perform deep-dive investigation and crunching for control and process issues.
- Strong communication skills: able to communicate effectively with the IT department.
- Good technical competencies and exposure to IT application development, support and management.
- Knowledge of the Banking Act – Banking Secrecy Act, Cyber Security Act, MAS Technology Risk Management Guidelines, MAS Outsourcing Guidelines etc.
- Good knowledge of information security and cybersecurity risks and controls, processes, workflows, methodologies, and trends.
*Corporate rank and remuneration will be commensurate with experience.