AVP / Senior Associate, Manager, Technology Risk Controls & Assurance, Technology & Operations
- Permanent, Full time
- DBS Bank Limited
- 23 Jun 17
See job description for details
Group Technology and Operations (T&O) enables and empowers the bank with an efficient, nimble and resilient infrastructure through a strategic focus on productivity, quality & control, technology, people capability and innovation. In Group T&O, we manage the majority of the Bank's operational processes and inspire to delight our business partners through our multiple banking delivery channels.
The Group Technology Risk Assurance function supports the technology functions in DBS Group to ensure that IT risks and control deficiencies are identified and suitable remediation is implemented as appropriate. The Group Technology Risk Assurance Manager is a technical IT risk and security subject matter expert, and reports to the Head of Group Technology Risk Assurance. The individual will be responsible for assessing the risk and compliance state of key controls for critical applications and programs and serve as an in-unit control function.
This is a unit within the Group Technology Services (TS), that oversees and manages the Group’s technology infrastructure across multiple locations and owns the key IT service management processes.
To ensure that all operational and emerging risks are mitigated and adequate controls are implemented. The incumbent is a driven, self-starter, who plays an active role working in a dynamic environment with the application and operations teams to embed controls in their processes and operations. This includes cross-discipline exposure to open source, virtualization/cloud, automated processes, platform, storage, network, desktops, servers, security, DevOps, etc., across markets that DBS has IT infrastructure, and at our outsourced service providers.
- Demonstrate good understanding of the security, risks and controls of cross-discipline technology environment in a financial institution.
- Good working knowledge of open source software (OSS) and its applicability to manage risks and security in a dynamic operating environment.
- Understand the operating environment and design security, risk and control metrics. Analyse trends, anomalies and behaviours for risk and control reporting.
- Execute and complete all technology risk and control assessments, as well as engaging application and infrastructure teams; with the objectives of identifying risks, security, controls and operational lapses.
- Use of OSS to actively participate in the Bank’s DevOps, SRE teams to embed controls.
- Involve and complete the review of IT configurations, processes, controls and mitigation plans, both internally and at our outsourced service providers (OSP).
- Ability to use analytical thinking and automation (scripting) to solve security, risk and control issues.
- Develop, deploy or simulate technical test cases, and/or POC, and follow up on control issues for proper implementation, at the same time, develop a mechanism/solution to ensure the issue is also adequately addressed across function and locations.
- Collaborate with security architecture and engineers, infrastructure and applications teams and vendors to identify innovative security as well as controls and actively apply these solutions to advance DBS Group security and controls posture in our internal processes and outsourced vendor operations.
- Review and identify security operations gaps, vulnerabilities, associated risks and mitigation strategies in our internal and outsourced service providers (OSP) environment.
- Liaise with auditors and regulators.
- Good interpersonal and communication skills - spoken and written
- Good planning and other project management skills, including strong organisation skills
- Must be solutions oriented; ability to work with all levels of management and staff
- Self-starter, performance-oriented individuals
- Experience in outsourced vendor management.
- IT professional with good understanding of technology platform and solutions;
- Familiar with technical security solutions surrounding various technologies such as but not limited to: IDS, IPS, firewall management, anti-virus, content filtering, secure email solutions, network sniffing, log management & analysis, forensics, VPN, load balancing, routing, switching and network management
- Experienced IS or risk professional with experience and exposure to Agile, DevOps, SRE and cloud technologies (preferred)
- Prior experience in either banking, IT risk management, security-related or IT audit (preferred)
We offer a competitive salary and benefits package and the professional advantages of a dynamic environment that supports your development and recognises your achievements.