Job Description

Technology Risk Management as a 2nd Line function

• Implement risk governance and regulatory compliance (eg. BNM RMiT, MAS TRMG) frameworks and processes in APAC for assessing, monitoring and reporting of technology risks inherent in business operations
• Upkeep and operationalize Technology Risk Management Framework in the 2nd Line of Defence, including formulation and maintenance of policies, procedures and standards to meet regulatory requirements
• Work closely with stakeholders in the 3 lines of defence to implement appropriate risk governance/oversight, design/determine/establish metrics like KRIs, implement/monitor/challenge (effectiveness of) controls and promote best practices that drive technology risk and regulatory compliance
• Coordinate technology risk management efforts and manage IT Governance, Risk and Compliance (GRC) activities across the APAC Offices and with HO to drive timely completion of technology risk deliverables and resolution of key risk issues
• Communicate technical concepts to non-technical audience and senior management and lead efforts to cultivate and promote a strong technology risk culture and ensure adherence to technolgy risk management policies, procedures and standards

• To operationalize Technology Risk management framework (governance and compliance framework, risk identification/ monitoring/ reporting, policies, procedures, standards) in the 2nd Line of Defence
• To design, determine and establish KRIs, review and challenge the effectiveness of risk controls in the 1st Line of Defence and implement best risk management practices (eg. Stress tests, Due Diligence for Third-Party Service Providers/Outsourcing)
• To drive timely completion of technology risk deliverables and resolution of key risk issues
• To perform assessment of technology risk trends, communicate technical concepts to non-technical audience and provide advisory as Subject Matter Expert (eg. For new product applications, adoption of new systems, technology)
• To cultivate and promote a strong technology risk culture

• Degree in IT, Computing, Computer Science/Engineering or Information Systems
• Good knowledge of technology risk requirements and industry standards such as MAS TRM, ITIL, SAS, NIST, ISO27001/2
• Minimum 5 years experience in Technology Risk Management, Information security, IT Audit/Compliance in banking
• Professional certification such as CISSP, CISA, CISM, CRISC is an advantage
• Ability to perform gap analysis of IT policies and processes against new regulatory requirements and guidelines
• Self-starter and a critical thinker
• Proactive, resourceful and able to think and act strategically and tactically
• Able to multi-task and work independently under tight timelines
• Strong oral and written communication skills
• Strong stakeholder management skills
• Culturally sensitive

eFinancialCareers