Reporting to the Team Head, you will be part of a team of 2 to 3 focused on planning, implementing and managing IT security, risk and compliance for the Bank. Ideally, you bring a minimum of 5 years of relevant working experience and a professional certification such as CISA/CISM/CISSP/CRISC. You have a good understanding of banking technology and related regulations.
- Manage regulatory relationships; communicate and coordinate with the regulator (i.e. MAS) on IT-related regulatory reporting, onsite inspections, regulatory enquiries, etc.
- Assess regulatory (i.e. MAS) changes impacting technology and drive the related risk mitigation program with technology stakeholders
- Review any new compliance requirements from Head Office
- Coordinate IT-related internal and external audits, and follow up periodically to ensure that all audit findings are remediated within the timelines.
- Develop and review policy and procedures for IT risk and compliance management
- Conduct IT risk assessment
- Conduct IT risk and compliance training for IT staff
- Conduct IT security awareness training for all bank staff and review the training materials
- Review IT-related due diligence checks for outsourcing service providers
- Review and implement Data Loss Prevention controls
- Review security event logs and privileged user activities
- Perform other duties as assigned by the superiors
- Minimum 5 years of working experience on similar responsibilities
- Good level of understanding of banking technology, regulatory requirements such as MAS Technology Risk Management Guidelines, Outsourcing Guidelines and Notice 644 etc.
- Strong communication skills at all levels – able to effectively communicate with the regulator (i.e. MAS), IT management as well as line staff to drive IT risk management matters
- Knowledge of Cyber Security, System Resiliency & Availability and Software Development practices and frameworks preferred
- Excellent organizational, problem solving, interpersonal and analytical skills
- Possess a Bachelor's degree or higher in Information Technology, Computer Engineering, Computer Science or other related fields.
- Professional Certification preferred – CISA/CISM/CISSP/CRISC