IT and Cyber Risk Control Lead

Posted:
4/25/2024, 5:00:00 PM

Location(s):
Singapore, Singapore

Experience Level(s):
Expert or higher ⋅ Senior

Field(s):
IT & Security

The day-to-day activities:

  • Maintain and update the Bank’s technology and cyber risk frameworks, policies and standards based on prevailing regulatory requirements and industry best practices.

  • Drive proactive adherence to the Bank’s security policies and standards, and regulatory requirements across the region.

  • Build a comprehensive controls library to support the technology and cyber risk management activities of GXS.

  • Assess the effectiveness of controls and determine the residual risks of any control failures and whether remediation actions are required.

  • Maintain a risk register of all residual risk acceptances with technology and cyber risk implications.

  • Proactively track and monitor the implementation of risk mitigation measures and perform effectiveness reviews where needed to ensure implemented measures are effective in reducing risks to acceptable levels.

  • Support technology and cyber KRI reporting activities and ensure adherence to the Bank’s risk appetite.

  • Participate in technology and cyber risk governance working groups and/or committees where needed. 

  • Facilitate internal and external audits, as well as regulatory examinations/inspections, as the Person In-Charge (PIC) for the TRGC function.


 

The must-haves:

  • Degree in Computer Science / Technology-related field. 

  • Minimum 10 years’ experience in a similar role with another financial institution or regulated institution (e.g. Telco).

  • Excellent presentation and communication skills with proficiency in English (both verbal and written).

  • Excellent stakeholder management skills.

  • Professional information security certification (e.g. CISSP, CISA, CISM, etc.) is strongly recommended.

  • Excellent communication skills and sharp analytical abilities with proven design skills; able to think critically about the current system in terms of growth and stability.

  • Prior knowledge of and exposure to technology and cyber risk management in the banking industry.

  • Familiarity with other principal risk types such as fraud risks and liquidity risks.