Technology is key to enabling the DBS vision of being the leading bank in Asia.
We are constantly challenged by changes in technology advancements, increasing customer sophistication and demands and introduction of new / updated regulatory requirements. We need strong and passionate Technology Risk Managers to ensure we have a robust environment to meet the challenges ahead.
As a member of the Technology Risk Management team, you will be responsible for partnering with stakeholders across Group Technology to enhance the bank\xe2\x80\x99s technology risk and cybersecurity posture, assess potential impacts and engaging with other technology leaders on the risk treatment options based on enterprise risk appetite.
The RoleCross-discipline exposure to open source, virtualization/cloud, automated processes, platform, middleware technologies, storage, database, network, desktops, servers, security, DevOps, etc., are essential for this position. The incumbent is a driven, self-starter, who plays an active role working in a dynamic environment with the Technology risk teams to conduct assurance of risk management and drive IT risk management initiatives. The role is expected to have a proven record of positively influencing stakeholders at all levels of the organisation and is responsible to promote risk culture. Additionally, the incumbent needs to have analytical skills to assess information and identify potential risks, possess problem-solving skills to be able to determine how to reduce those risks, and introduce more forward-looking measures of risk.The Incumbent should be inquisitive on risks and controls issues and rationalize their mitigation. Communication skills are important to inform management about potential risk issues, provide actionable reports, including articulating impact on policy changes. There will be frequent opportunities to represent Technology Risk Management\xe2\x80\x99s view in risk forums and different levels of risk committees. The demands and high-visibility nature of this position require an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately.Responsibilities
Partner with first line of defence peers to succinctly assess, frame and report on application, infrastructure and cybersecurity risks relative to risk appetite.
Ability to review and challenge application and infrastructure resiliency design, monitoring thresholds, define and initiate scenarios for stress testing for various disaster recovery and failure scenarios.
Oversight of remediation of issues arising from first line identification of control deficiencies, internal and external incidents, including deep dive reviews to identify root cause.
Ability to use analytical thinking and automation (scripting) to identify application and infrastructure and cyber security gaps, risks, control issues and mitigation strategies.
Conduct assurance to evaluate effectiveness of IT controls.
Constructively debate issues and connect the dots across various customer journeys and systems, perform scenario analysis, stress testing and challenge of proposed mitigation plans and risk acceptances.
Work with stakeholders across Group Technology to manage Technology Risks relating to Site Reliability Engineering (SRE), Cyber Security and Emerging Technology, including but not limited to Blockchain, 5G, IoT, AI and Public Cloud.
Demonstrate strong judgment to balance being both a trusted advisor to the business and driving effective challenge.
Leverage business and tech/cyber domain expertise to raise the level of challenge activities to a strategic focus.
Identify opportunities to influence risk-taking strategies and ensure that aggregate risk is understood.
Analyse trends, anomalies and behaviours and work with technology stakeholders to design and implement technical IT risk measure that are relevant to the Lines of Business.
Provide robust risk management oversight in supporting various internal, external audits and regulatory inspections/examinations.
Monitor outstanding risk items and audit issues to ensure proper ownership and follow-up.
Engage with technology stakeholders to proactively identify risks at a detailed and technical level and ensure that IT is effectively driving remediation activities and to continuously improve IT risk posture.
Ability to work independently, prepare and write comprehensive reports for senior management on technology risk management activities and risk events for presentation to risk committees.
Ability to communicate complex technology risk concepts in a clear and concise manner.
Mentor more junior members of the team.
Stay current on emerging cyber threats and potential implications to the organisation.
Play a critical role in maintaining the bank\'s technology resilience, ensuring that it can leverage technology while effectively managing potential risks that may arise from the digital landscape.
Requirements
Degree holder in Information Technology, Computer Science or related discipline.
Minimum 12-15 years of working experience in relevant field.
Professional memberships and security certifications would be considered favourably (e.g., CISA, CISSP, CISM, CCSP, etc.):
Professional security or risk management certifications.
Certified Risk & Information Systems Control (CRISC).
Certified Cloud Security Professional (CCSP).
Certifications related to SRE such as SRE Practitioner.
Excellent in leadership skills.
Moderate to master proficiency in developing & coaching, communication, business focus, planning & organising, teamwork & collaboration, and problem solving.
Change/innovation oriented, takes ownership of results, and is customer focused.
Strong proficiency in technical/product expertise and knowledge in relevant fields.
(1) Technical Experience
IT professional with good understanding of technology platform with specialisation in application, infrastructure and security domains.
Experienced IS or risk professional with experience and exposure to Agile, DevOps, and SRE.
Practical experience assessing or building controls for AWS, GCP, Azure or other cloud services.
Prior experience in either banking, IT risk management, security-related or IT audit.
Sound knowledge in regulatory requirements (e.g. MAS Notice 644, 655, and TRM guidelines) and industry standards/ frameworks such as ITIL, SANS, COBIT, NIST, ISO 27001/2, Cyber Security Act, Banking Act, Personal Data Protection Act.
Demonstrated experience in identifying, assessing and advising on technology risks.
Knowledge of Information Security, System Resiliency & Availability & Software development practices and frameworks preferred.
Good technical competencies and exposure to IT application or infrastructure development, support and management.
Strong understanding of IT applications, infrastructure, cybersecurity principles, and technology-related regulations and standards. Domain expertise in one or more of these areas preferred.
Experience to driving IT risk management in digital age a plus.
Excellent organizational, problem solving, interpersonal and operating skills to effectively drive the IT Risk agenda with IT functions.
Stay up-to-date with the latest technological advancements and industry trends to identify and assess potential risks associated with new technologies.
\xc2\xb7 Knowledge in adoption of emerging technologies with a focus on managing associated risks effectively.(2) Non-Technical Experience
Superb interpersonal and communication skills that include active listening, writing and executive presentation skills.
Excellent influencing and persuasion skills.
Proven critical analytical, including and the ability to express a point of view supported by data (with both technical and non-technical audiences).
Comfort raising concerns early and knows when to escalate, including the ability to raise issues and facilitate constructive problem-solving at all levels of the organization.
Experience in an oversight role at a financial institution (preferred) or regulatory agency.
Good planning and other project management skills, including strong organisation skills.
Must be solutions oriented; ability to work with all levels of management and staff.
Self-driven, passionate about hands-on learning on emerging technologies and its risks.
Self-starter, performance-oriented individuals.
Passionate about driving change through innovation.
General understanding of overall banking business.
(3) Work Relationship
Support the Head of Unit in discharging the responsibilities of the team.
Strong ability in knowledge sharing with peers.
Contribute as a member of Team and collaborate with fellow team members and technology managers.
Develop relationships with peer in the technology organisation.