Lead Technology Risk Adviser

  • Competitive
  • Singapore
  • Permanent, Full time
  • NTUC Income Insurance Co-operative Ltd
  • 2019-04-18

Lead Technology Risk Adviser

You will be part of the Technology & Cyber Risk (TCR) team under the Information Technology Risk & Security (ITRS) department of Income. TCR section is responsible for strategizing & oversight of TRM compliance tasks and projects, ensuring TRM controls and measures are implemented in a cost effective manner in supporting Income's line of businesses.


  • Work under the supervision and guidance of the Technology & Cyber Risk Manager to identify, assess and manage information security vulnerabilities and risks in the IT environment, as well as from financial intelligence leads.
  • Assess risks, evaluate for efficiencies and identify opportunities for improvement from people, process and technology perspectives.
  • Work with business units to determine the controls necessary to remediate identified risks and vulnerabilities; negotiate dates for remediation to be completed.
  • Ensure that identified risks are managed and tracked in accordance with the Risk Management program including all artifacts on risk assessment results.
  • Assist in the development of appropriate information security policies, standards, procedures, checklists, and guidelines to meet the regulatory and organization requirements.
  • Perform periodic due diligence on IT outsourced vendors, assess its residual risk and update to the risk register.
  • Provide oversight on account and application access administrative activities.
  • Regular review on Systems & Database privileged users' activities.
  • Obtain a good understanding of MAS Technology Risk Management (TRM) Guidelines, MAS Notices on Cyber Hygiene and Income's TRM Framework's risk processes and identify opportunities to enhance ITRS operational effectiveness.
  • Cultivate working relationships with across IT and business units acting in an advisory capacity for various projects.

  • Bachelor Degree in Information Systems, Computer Science or Information Technology.
  • Min 5 years in IT Security field with at least 2 years in IT risk management.

  • Candidate with CISSP, CISA or CRISC will be a plus.
  • Experience with RCSA process of risk management.
  • Strong interest in IT risk management and keep abreast of the dynamic threat landscape.
  • Knowledge of common IT technologies (OS, databases, network devices, applications)
  • Familiarity in one or more of the following areas: application security, OS system security, networking, mobile device security, cloud technologies (IaaS, SaaS environments, etc.), and web technologies.
  • Familiarity with International standards and best practices such as ISO 27001 and OWASP.
  • Familiar with IT Outsourcing processes.
  • Strong communications skills to be able to interact with technical and non-technical colleagues.
  • Detail oriented and analytical.