Responsibilities
- Accountable for managing internal and external reviews / audits from audit planning (such as request for information (RFI), opening meeting, etc.), fieldwork (such as RFI, issue discussion, etc.), to reporting and closing meeting.
- Responsible for monitoring and validating the closure of management actions, arising from internal and external reviews / audits, including regulator inspection reviews.
- Perform review of new / revised processes, provide risk opinion and ensure proper approvals and documentation.
- Collaborate with the different technology teams to conduct post implementation review of new / revised processes to provide assurance.
- Prepare and develop technology risk insights (such as IT audit thematic and trend analysis) to be presented at forums (such as technology risk forums, etc.).
- Engage and collaborate with technology stakeholders to proactively identify risks at a detailed and technical level and ensure that IT is effectively driving remediation activities and to continuously improve IT risk posture.
- Stay ahead of cyber threats, regulatory changes, and digital banking risks.
- Drive automation (data analytics, AI / ML) for continuous auditing.
- Provide risk assessment and advisory as required:
  - Evaluate the effectiveness of IT risk governance, security policies, and control frameworks.
  - Assess cyber resilience, red-team exercises, and penetration testing outcomes.
  - Provide actionable recommendations to senior management for risk mitigation.
- Manage technology risk initiatives and perform targeted reviews focusing on, but not limited to, the following domain areas:
  - Cybersecurity controls (network security, endpoint protection, cloud security, IAM, encryption)
  - Regulatory compliance (MAS, GDPR, RBI, HKMA, etc.)
  - Third-party / vendor risk management
  - Incident response & threat intelligence capabilities
  - Emerging risks (AI, fintech, API security)
Required Qualifications & Experience
Required Experience
- At least 12 years (SVP) / 8 years (VP) in technology risk management, IT audit, or cybersecurity governance, preferably in global banking / financial services.
- Deep expertise in:
  - Regulatory frameworks (MAS TRM, Basel III, GDPR, SOX-ITGC)
  - Cloud security (AWS, Azure, GCP) and DevSecOps controls
  - Third-party & supply chain risk management
  - Data analytics for risk monitoring (Excel, Power BI, Tableau, SIEM tools)
- Proven track record in leading global risk programs and managing cross-regional stakeholders.
- Demonstrated experience in identifying, assessing and advising on technology risks.
- Excellent organizational, problem solving, interpersonal and operating skills to effectively drive the IT Risk agenda with IT functions.
- Strong communication skills at all levels; able to communicate effectively with IT and senior management, as well as line staff, to drive IT risk mitigation initiatives and other IT risk management related areas.
- Ability to leverage data analytics to present trends and explain complex issues in a presentable and logical manner.
- Experience in driving IT risk management in the digital age, leveraging Gen AI and Machine Learning tools, a plus.
- Knowledge of Information Security, System Resiliency & Availability, and Software development practices and frameworks and regulatory requirements preferred.
- Good technical competencies and exposure to IT application or infrastructure development, support and management.
- Demonstrated experience of leveraging data and analytics to get stakeholder buy-in is a plus.
Soft Skills
- Strong executive communication (for Technology EXCO-level reporting).
- Ability to translate technical risks into business impact.
- Leadership in driving cultural change toward risk awareness.
Education & Certifications
- Bachelor's / Master's in Cybersecurity, IT Risk, Computer Science, or related field.
- Certifications (Required): CISA, CISSP, CRISC, CISM, or equivalent.
- Preferred: ISO 27001 Lead Auditor, AWS / Azure Security, CCSP.
Job ID WD75037