Job Description

Information Security & Digital Risk (Associate Director) - ( 230000BM )
Description

Responsible for second line of defence related to governance and oversight of Information Security Risk and Digital Risks (Technology, Information and Cyber) within the organisation. Responsibilities

• Lead and support the risk governance and oversight of Information Security Risk and Digital Risks (Technology, Information and Cyber) in second line.
• Lead second line Information Security initiatives and establish/roll-out Local Information Security Office (LISO) program to each of global locations within the organisation.
• Lead and represent second line in regulatory assessments in Information Security risk and Digital risks topics.
• Lead and / or support internal / cross-functional initiatives such as technology, information and cyber thematic and process reviews, as well as technology projects.
• Lead and / or participate in risk committees and working groups that have been established to enhance governance and oversight over Information Security risk and Digital risks matters.
• Develop, review and maintain Information Security and Digital risk framework, policies and departmental operating procedures to ensure that they are relevant, up to date and aligned to Group and regulatory standards.
• Monitor Information Security and Digital risk exposures via dashboards and Key Risk Indicators (KRIs) and provide independent reporting on the effectiveness of risk posture or activities to management.
• Provide risk advisory services to business units on the adoption of new and emerging technologies (e.g. cloud computing, Fintech etc), as well as third party arrangements.
• As a second line of defence, provide an effective challenge on the adequacy, completeness and timeliness of risk assessments and / or action plans that have been put in place to address prevailing and emerging Information Security and Digital risks. This includes the review of system risk acceptances.
• Plan and deliver a comprehensive Information Security and Digital risk awareness training and testing program for all staff. This includes the conduct of periodic social engineering tests to reinforce awareness.

Qualifications

Profile of Candidate

• Candidates with at least 8 years of relevant experience in information security, technology or cyber risk management in a banking environment preferred.
• Good knowledge and experience with applications, infrastructure technologies and / or cyber security.
• Good understanding of banking processes, technology, operations, and regulations (in particular MAS Technology Risk Management Guidelines), as well as ISO 27001.
• Prior experience in managing projects / change initiatives would be an added advantage

Academic and professional qualifications

• University degree preferred.
• Professional certification in information security. E.g. CISA, CISM, CRISC, CISSP etc.
• Proficient in Microsoft Office Applications (i.e. Excel, PowerPoint, Word).

Language skills

• Fluent in English.
  

Personal attributes

• Good communication, presentation and interpersonal skills to facilitate interactions with key stakeholders within and outside of the organisation.
• Ability to collaborate well within the team, department and across different departments/locations.
• Able to exercise sound judgment and establish plans to manage the execution of deliverables within the stipulated timelines.
• Self-driven with attitude and aptitude to learn and accomplish tasks that have been assigned.
• Analytical mindset and good report writing skills.
• Able to prioritise and multi-task in a competitive environment
• A team player.

Primary Location : Singapore
Job : Risk Management
Organization : BOS - Risk Management
Schedule : Permanent
: Full-time
Job Posting : 20-Feb-2023, 9:02:28 PM