To operationalize the Technology Risk Management framework (governance framework, risk identification/monitoring/reporting, policies, procedures, standards) in the 2nd Line of Defence
To design, determine and establish KRIs, review and challenge the effectiveness of risk controls in the 1st Line of Defence, and implement best risk management practices (e.g. stress tests, due diligence for Third-Party Service Providers/Outsourcing)
To drive timely completion of technology risk deliverables and resolution of key risk issues, including risk management monitoring and reporting
To perform assessments of technology risk trends, communicate technical concepts to non-technical audiences and provide advice as Subject Matter Expert (e.g. for new product applications, adoption of new systems, technology)
To cultivate and promote a strong technology risk management culture
Job Requirements:
Degree in IT, Computing, Computer Science/Engineering or Information Systems
Good knowledge of technology risk requirements and industry standards such as MAS TRM, ITIL, SAS, NIST, ISO27001/2
Minimum 5 years' experience in Technology Risk Management, Information/Cyber Security, IT Audit/Compliance in banking
Professional certification such as CISSP, CISA, CISM, CRISC is an advantage
Ability to perform gap analysis of IT policies and processes against new regulatory requirements and guidelines
Self-starter and a critical thinker
Proactive, resourceful and able to think and act strategically and tactically
Able to multi-task and work independently under tight timelines