Job Description

Description of Risk & Prevention
Group Operations and Technology (O&T) provides IT and backroom support across the bank\'s business lines such as Group Consumer Financial Services, Group Corporate Banking, Global Treasury, Group Risk Management, Group Finance, and Group Human Resources.
In addition, Group O&T runs the bank\'s regional processing centres and technology operations, drive for productivity gains and lower unit costs by instilling a quality culture, and leverage on the synergy from cross border processing hubs in Singapore, Malaysia and across the region.
The objective of Group O&T Risk & Prevention (R&P) is to establish a risk awareness and compliance culture that helps Group O&T to manage risks. In supporting O&T departments, Group Risk and Regulatory Compliance Unit as the Division Compliance Officer, Business Continuity Management Coordinator and Ops Risk management Coordinator, R&P undertakes the following responsibilities:

• Coordinate and facilitate the implementation of Operational Risk & Compliance policies,

methodologies, and initiatives for proactive risk management by Group O&T.

• Monitor and uplift the Division\'s risk and compliance management performance through

tracking of audit issues, compliance breaches and loss events.

• Provide independent review of risk assessments performed by O&T for new/changed

processes to ensure integration of risk management to internal processes.

• Manage the audit engagement process, track, and ensure timely closure of issues.
• Promote awareness of risk among O&T staff and educate them on methodologies and

processes for risk management and compliance.
Role Description:
The candidate is responsible to ensure that technology-related risks are identified, assessed, and mitigated appropriately. This involves collaborating closely with the technology teams and regional R&P across the OCBC group to solve technology risk challenges and strengthen Group O&T\'s risk culture.
Duties and Responsibilities:
1. Support the Head, R&P - Technology Risk in the overall effective and proactive management of technology risk and controls in Group O&T.
2. Work closely with stakeholders to:
a. perform infrastructure (operating systems, middleware, databases, network), applications, operations risk, and control assessments to ensure that systems\' configurations, processes, and operations, with the objective of:
i. Identify, assess, treat, mitigate and articulate the risk in both technical and business context to the stakeholders.
ii. Assessing compliance to the bank\'s standards and policies, as well as statutory and regulatory requirements.
b. Challenge, drive and discuss controls or risk mitigation solutions, whilst building strong, respectful relationships.
c. Support stakeholders in audits (internal/external) and regulatory related reviews and inspections, as well as tracking, reporting and root causes are addressed.
3. Drive development and implementation of automated risk assessment frameworks that identify and quantify potential risks.
4. Collaborate with O&T teams across entities locally and in the region to assess risk profiles, identify potential areas of lapses, or non-compliance and develop risk mitigation strategies for sustained controls.
5. Design and implement automated risk monitoring and reporting that provides alerts and dashboards to help management and stakeholders make informed decision.
6. Develop and deliver training programs to educate stakeholders emerging trends in risk automations.
7. Provide advice, objective review and challenge to risk issues/ process changes identified by stakeholders to ensure technology-related operational risk identified is assessed adequately, and appropriate controls are in place to mitigate the risks.

• Corporate Grade: AVP
• Division: Group Operations & Technology
• Department: Risk & Prevention

Qualifications
1. Open to change as the team continually adopts to strategy to meet evolving regulatory and
controls landscape.
2. Good understanding of regulatory requirements, such as MAS Technology Risk Management,
Outsourcing and Notice 644, 655, etc.
3. Experience with performing IT risk and control assessments (including RCSA) and managing
audits (internal and external) as well as regulatory inspections.
4. Experience in developing and implementing dashboards/ data visualization, heatmap
presentation of metrices.
5. Good understanding and experience (preferred) of DevOps, SRE, Agile methodologies and
experience with CI/CD approach and tools.
6. Hands-on experience in the following infrastructure technology, would be desirable:
a. Servers Platform
b. Middleware technologies
c. Microservices
d. Virtualization
e. Network
f. Security
g. Database
Academic:

• University degree in technology with at least 6 years of experience in audit/ IT security/ risk

management. Practitioner and holder of IT risk certification, such as CISSP, CISA, or CRISC would be
advantageous. Core Competencies

• Successful candidates should have a strong background in technology risk management, as well as

hands-on experience in technology domains or audit/compliance. * Prior experience in statistical modelling, data analysis, data visualization tools would be an added advantage.

• They are driven, self-motivated individuals that demonstrates initiative and results oriented. Forward-thinking and interested in keeping up to date with developments and best practices in risk management, analytics and automation, the candidate should be hands-on, have good analytical skills, attention

to details and have excellent communication and collaboration skills, as well as strong ability to adopt and work effectively in a dynamic, fast-paced environment.

eFinancialCareers