Job Description

Responsibilities:

Strategy and Planning


Promote the value and importance of effective IT Governance and assurance on all IT systems which serve SG Branch Lead the implementation of IT Governance and assurance framework strategy throughout SG Branch IT, where required.
Regulatory Compliance


Monitor and report risk indicators / measures, and ensure timely escalation of the department's operational risk events with mitigating actions to stakeholders and risk committees Proactively identify, assess and evaluate potential risks for the department to reduce likelihood and impact of occurrence in line with risk appetite Conduct self-assessments to identify and address control weaknesses and potential risks associated with new business initiatives, process changes and new product or services for the department Establish and implement controls, assurance and validations to manage risks for the department Ensure IT policies, procedures and SOPs are updated and aligned with the Bank's risk framework and policies Perform regulatory gap analysis for new or revised regulatory guidelines impacting IT department, ensuring adequate risk and control are put in place for regulatory compliance Manage and address regulatory expectations, including audit examinations and queries Champion Risk & Compliance culture # , and provide relevant risk and compliance updates / training / guidance within IT department Ensure timely assessment, escalation and resolution of operational risk event to minimize potential losses Conduct deep-dive investigation, identify root causes with mitigating controls from learnings through post-incident to prevent recurrence Provide training and briefing to bank staff on IT governance policies and processes, and technology regulatory requirements, where required. Maintain registers on IT SOPs, risks, audit findings, non-compliances and formulate IT Risk management reports Develops / maintains Technology governance SOPs as needed POC for internal and external audits, and follow up on audit issues to ensure implementation of remediations Liaison with regulators on technology compliance matters. Assist business units on related legislation, regulatory and standards affecting IT Third Party Risk Management of the Bank Work with stakeholders to assist in the development and implementation of IT Third Party Risk compliance controls Validating Data Leakage Prevention & Privileged ID Review samples Assist Head IT Governance in all ITD Management Governance Meetings to contribute effectively as an SME to help the team in identifying risks, treating the risk, tracking and reporting. Deputise for Head IT Governance as ITD POC for all Risk Management on IT Risk related topics. Specialise in specific Risk domains such as Business Risk, Data Risk, Third-party Risk, Business Continuity and/or Project Management Assurance as assigned.

Requirements:

Bachelor's degree in computer science or its equivalent Relevant qualifications in MAS Technology Risk Management Guidelines, Business Continuity Management Guidelines, Outsourcing Guidelines & associated notices (658, FSM-N05, FSM-N06, etc), Personal Data Protection Act (2020) & Guidelines, and Cloud Governance (Based on AWS Best practices Pillars and NIST). Minimum 7 years working experience in Technology Governance Strong track record in technology risk management, preferably in a banking environment. Good leadership qualities. Able to engage stakeholders and develop options for them. Highly result oriented and can work independently. Ability to build relationship and interact effectively with internal and external parties. Good analytical, technical, written and verbal communication skills. Technology and operational risk management leadership. Risk management policy development. Technology outsourcing & risk gap assessments. Expert in analytical skills and able to make decisions, exhibit sound and accurate judgment when tackling challenges Mentor, train and advise colleagues Consistently consume and contribute to documentation to ensure up to date relevant body of knowledge that will directly ensure work is done correctly and completely * Exposure/experience in other Technology areas outside of risk management, especially Cloud-related.