Talent.com
This job offer is not available in your country.
Tech & Cybersecurity Risk Lead

Tech & Cybersecurity Risk Lead

GXS BankSingapore
19 days ago
Job description

Responsibilities

As a senior member of the Tech and Cyber Riskernance team, you will play a key role in shaping and executing the Bank's strategy for managing technology and cyber risk. Your expertise is crucial for safeguarding the Bank's resilience, ensuring regulatorypliance, and enabling secure innovation across the region, with a strong emphasis on technical risk assessment across diverse initiatives and developing our ServiceNow GRC platform.

1.ernance, Risk Framework & Acceptance :

  • Develop, implement, and maintain the Bank'sprehensive technology and cyber risk frameworks, policies, and standards, ensuring alignment with regulatory requirements (MAS TRM & Outsourcing Guidelines, etc.) and best practices.
  • Drive adherence to these frameworks and standards across business and technology functions for both internal projects and third-party engagements.
  • Oversee and perform formal risk assessments and manage the risk acceptance process according to Bank policies and risk appetite.

2. Risk Assessment & Management :

  • Lead and conductplex technical security risk assessments for internal systems, new bank-wide projects, applications, infrastructure changes, and third-party engagements (cloud, software vendors, etc.) throughout their lifecycle.
  • Drive technology and cyber cyber key metrics (Key Risk Indicators (KRIs), etc.) definition and reporting against the Bank's risk appetite.
  • Contribute to and oversee aspects of the Third Party Risk Management (TPRM) process from a technical security perspective, as part of a holistic risk management approach.
  • Assess the design and operating effectiveness of technology and cyber controls within internal environments and third-party services, determine residual risks arising from control failures, and rmend necessary remediation actions.
  • Maintain a risk register of all residual risk acceptances with implications for technology and cyber risks.
  • Proactively track and monitor the implementation of agreed-upon technology and cyber risk mitigation measures and conduct effectiveness reviews to ensure risk reduction to acceptable levels.
  • Engage in technology and cyber riskernance activities through regular participation in and reporting updates tomittees, managements, and working groups as required.

    • 3. Technical Security Solutions & GRC Platform Development :

  • Conduct in-depth technical validation of security controls, architecture, and evidence for both internal systems / projects and third-party solutions (SOC 2 & ISO reports, pen test reports, architectural diagrams, code review summaries etc.).
  • Plan, lead, and execute technical security assessments, including potential onsite reviews for critical internal systems or third-party locations; document findings and drive remediation.
  • Lead the design, development, configuration, and enhancement of GRC solutions, particularly within the ServiceNow GRC module (, Policy andpliance, Risk Management, Vendor Risk Management), to automate and improve risk management processes, reporting, and workflows.
  • Utilize technical development skills (, scripting, API integration, light development) to build and maintain custom GRC functionalities, integrations with other security tools, and dashboards within ServiceNow or other supporting platforms.
  • Design and enhance technical assessment methodologies, tooling, and procedures; explore / evaluate GenAI tools to improve assessment efficiency and depth.
  • Identify, analyze, document technical risks / gaps; collaborate on and track effective remediation plans.

    • 4. Stakeholder Engagement & Regulatorypliance :

  • Serve as a key technical security SME for tech and cyber risk matters, providing pragmatic guidance to internal project teams, technology owners, and business units.
  • Collaborate with stakeholders (Procurement, Legal, Technology, Business Units, etc.) to embed security requirements into project lifecycles, internal development processes, and third-party contracts.
  • Manage tech / cyber regulatory obligations, trackpliance, report non-conformities, and support incident reporting.
  • Provide mentorship and uplift tech and cyber risk awareness Bank-wide.

    • Required Qualifications :

  • 10+ yearsbined experience in banking or financial services .
  • 5+ years direct, hands-on experience in technical security risk management, epassing internal systems, IT projects, and third-party engagements, including leading diverse technical security assessments.
  • Proven experience in ServiceNow GRC module development, configuration, and administration (, creating workflows, custom tables, scripting, managing integrations).
  • Demonstrable technical development skills, including proficiency in scripting languages (, JavaScript for ServiceNow, Python), understanding of APIs, and experience with data integration relevant to GRC platforms.
  • Deep technical security expertise across multiple domains (Cloud Security (AWS / Azure / GCP), Network Security, Application Security (AppSec), Identity & Access Management (IAM), Data Security, Vulnerability Management, Security Operations, etc.).
  • Strong working knowledge of MAS regulations (TRM Guidelines, Outsourcing Guidelines, relevant MAS FSM notices).
  • Familiarity with other global banking regulations (FFIEC, OCC, etc.) and security frameworks (NIST CSF, ISO 27001 / 2, CIS).
  • Proven experience planning and conducting onsite vendor technical assessments.
  • Possess excellentmunication, exceptional analytical, critical thinking, and problem-solving skills.
  • Strong stakeholder management, influencing, negotiation, and conflict resolution skills.
  • Bachelor's degree in a relevant technical field pSci, InfoSec, Engineering) or equivalent work experience.

    • Preferred Qualifications :

  • Professional certifications (CISSP, CISM, CISA, CRISC, CCSP, Cloud certifications like AWS / Azure Security Specialty).
  • ServiceNow Certified System Administrator (CSA) or Certified Implementation Specialist (CIS) in GRC, Risk, or Vendor Risk Management.
  • Experience with secure software development lifecycle (SSDLC) principles and DevSecOps practices.

    • Job ID R-2025-06-101513

    Create a job alert for this search

    Tech Lead • Singapore