AVP, IT Risk Reviewer, Group Technology Risk Assurance, Technology Services, Technology and Operations
The Group Technology Risk Assurance function supports the technology infrastructure functions in DBS Group to ensure that IT risks and control deficiencies are identified, and suitable remediation is implemented as appropriate. The Group Technology Risk Assurance Manager is a technical IT risk and security subject matter expert, and reports to the Head of Group Technology Risk Assurance. The individual will be responsible for assessing the risk and compliance state of key controls for critical applications and programs and serve as an in-unit control function.
This is a unit within the Group Technology Services (TS), that oversees and manages the Group's technology infrastructure across multiple locations and owns the key IT service management processes. Among which, the unit is also responsible for the reviews of Outsourced Service Providers in the bank.
Cross-discipline exposure to open source, virtualization/cloud, automated processes, platform, storage, network, desktops, servers, security, DevOps, etc., are essential for this position. The incumbent is a driven, self-starter, who plays an active role working in a dynamic environment with the infra teams to embed controls in their processes and operations. Additionally, the incumbent need to have analytical skills in order to assess information and identify potential risks. They also possess problem-solving skills to be able to determine how to reduce those risks. Incumbent should be inquisitive on risks and controls issues and rationalize their mitigation. Communication skills are important, because they must develop clear protocols, inform management about potential risk issues and relay information as well as impact about policy changes effectively.
Demonstrate good understanding of the security, risks and controls of cross-discipline technology environment in a financial institution. Understand the operating environment and design security, risk and control metrics. Analyse trends, anomalies and behaviours for risk and control reporting. Execute and complete all technology risk and control assessments, as well as engaging application and infrastructure teams; with the objectives of identifying risks, security, controls and operational lapses. Responsibilities
Evolve the way IT configurations, processes, and controls are assessed, monitored and mitigated, both internally and at our outsourced service providers (OSP). Ability to use analytical thinking and automation (scripting) to solve security, risk and control issues. Identify, through automated means, security operations gaps, vulnerabilities, associated risks and mitigation strategies in our internal and outsourced service providers (OSP) environment. Liaise with internal, external auditors and regulators. Requirements
Bachelor's degree in Information Technology or Computer Science preferred IT professional with good understanding of technology platform and solutions; Familiar with technical security solutions surrounding various technologies such as but not limited to: IDS, IPS, firewall management, anti-virus, content filtering, secure email solutions, network sniffing, log management & analysis, forensics, VPN, load balancing, routing, switching and network management Experienced IS or risk professional with experience and exposure to Agile, DevOps, SRE and cloud technologies (preferred) Prior experience in either banking, IT risk management, security-related or IT audit (preferred) Good planning and other project management skills, including strong organisation skills Must be solutions oriented; ability to work with all levels of management and staff Self-driven, passionate about hands-on learning on emerging technologies and its risks. Self-starter, performance-oriented individuals Passionate about driving change through innovation Experience in outsourced vendor management. Good interpersonal and communication skills - spoken and written Apply Now
We offer a competitive salary and benefits package and the professional advantages of a dynamic environment that supports your development and recognises your achievements