CRO - Information Technology & Security Risk Lead - Operational Risk - VP

Overview

An Information Technology & Security Risk Lead to join the second line of defence (2LoD) Operational Risk Management (ORM) team in Singapore. This role reports to the Asia Pacific (APAC) Regional Head of Information Technology and Security Risk. The candidate should have a proven depth of knowledge and keen interest in Information Security and Technology and their application in large financial institutions. The role involves inputting subject matter expertise and driving innovative approaches in applying risk management in an evolving threat environment. The team has a global footprint in Frankfurt, Singapore, London, Mumbai, New York and Jacksonville.

Responsibilities

Support the regional head and contribute to all activities performed in the APAC region as the 2LoD for Information Technology and Security Risk.

Provide data and analytics reporting to monitor Information Security and Technology Risk Appetite, breaches and remediation.

Support the implementation of automated data and analytics reporting processes where required.

Support the delivery of Operational Risk Management (ORM) priorities such as risk & control assessments, scenario analysis, and risk appetite.

Monitor and challenge 1LoD Risk and Control Self-Assessments (including results of 1LoD control testing / assurance).

Perform 2LoD control assurance through targeted reviews of areas of concern.

Understand and articulate key Information Security and Technology regulatory requirements across APAC and their impact on the Information Security and Technology Risk Framework.

Represent the Information Technology and Security Risk function in internal governance councils / committees, with Group Audit (3LoD) and regulators as required.

Skills and Experience

University degree in Computer Science, Information Technology, Information Security, Risk Management or related field.

Minimum 8 years of experience in Information Technology or Information Security within the financial industry.

Experience with Technology Risk Frameworks and knowledge of Information Technology and Security regulatory standards and / or Risk Frameworks.

Understanding of technology from support, development or business analysis perspectives.

Technical understanding and training in data analysis, development, business analysis or project management.

Experience with technology coding (e.g., Python, Java).

Understanding IT controls : SDLC, managing technology obsolescence, disaster recovery.

Knowledge of Digital Transformation, Private and Public Cloud, AI tooling.

Relevant professional certifications (e.g., CISSP, CISA, CISM, CRISC, CGEIT, CCSK, ITIL, ISO 27001 Lead Auditor).

Experience working in large global teams and ability to work independently without day-to-day oversight.

Strong communication skills.

Proficiency in Mandarin (read, write, speak) for business engagement with Chinese regulators is required.

Location and Compliance

Role is to be performed on-site at One Raffles Quay office. Vaccination requirements may apply.

What We Offer

Flexible working to help balance personal priorities

Coaching and support from experts in the team

A culture of continuous learning to aid progression

Flexible benefits tailored to individual needs

Training and development to help you excel in your career

About Deutsche Bank

Deutsche Bank is a leading global bank with strong European roots and a global network. We welcome applications from all people and promote a positive, fair and inclusive work environment.

#J-18808-Ljbffr