Risk Specialist / Manager- Technology, Information and Cyber Risk (Senior Associate/ Associate Director))
At Bank of Singapore, we are constantly on the lookout for exceptional individuals to join our team. We promote a culture of openness, teamwork and fairness. Most importantly, we invest in our people through our programmes that develop them on both professional and personal levels. Besides attractive remuneration packages, we offer non-financial benefits and opportunities to develop your potential within OCBC Group’s global network of subsidiaries and offices. If you have passion, drive and the will to succeed, rise to the challenge today! GENERAL DESCRIPTION
Responsible for second line of defence related to governance and oversight of technology, information and cyber (TIC) risks within the organisation. MAIN DUTIES
Qualifications WORK EXPERIENCE REQUIREMENTS
- Support the governance and oversight of technology, information and cyber risks, and assist in technology, information and cyber risk management projects and initiatives.
- Support internal / cross-functional TIC risks initiatives such as thematic and process reviews, as well as technology projects.
- Monitor TIC risk exposures via dashboards and Key Risk Indicators (KRIs) and provide independent reporting on the effectiveness of TIC risk posture or activities to management.
- Develop, maintain and identify opportunities to enhance TIC risk management methodologies, reporting dashboards, databases and tools.
- Develop, review and maintain TIC risk framework, policies and departmental operating procedures to ensure that they are relevant, up to date and aligned to Group and regulatory standards.
- As a second line of defence, provide an effective challenge on the adequacy, completeness and timeliness of risk assessments and / or action plans that have been put in place to address prevailing and emerging TlC risks. This includes the review of system risk acceptances.
- Provide risk advisory services to business units on the adoption of new and emerging technologies (e.g. cloud computing, Fintech etc), as well as third party arrangements.
- Plan and deliver a comprehensive TIC risk awareness training and testing program for all staff. This includes the conduct of periodic social engineering tests to reinforce awareness.
- Work with Operational Risk Partners and relevant stakeholders to strengthen and promote TIC risk awareness.
- Keep abreast of emerging technology risks, cyber threat landscape, industry trends relating to TIC risks.
- At least 5 years of relevant experience in information security, technology or cyber risk in financial services environment preferred.
- Good knowledge and experience with applications, infrastructure technologies and / or cyber security.
- Good understanding of banking processes, technology, operations, and / or MAS regulations.
- Good problem analysis and resolution skills.
- Academic and professional qualifications
- University degree preferred.
- Professional certification in information security. e.g. CISSP, CISM, CRISC, CISA etc.
- Proficient in Microsoft Excel, Microsoft Access, Microsoft PowerPoint, VBA and data visualisation tools
- Good communication, presentation and interpersonal skills to facilitate interactions with key stakeholders within and outside of the organisation.
- Ability to collaborate well within the team, department and across different departments/locations.
- Able to exercise sound judgment and establish plans to manage the execution of deliverables within the stipulated timelines.
- Self-driven with attitude and aptitude to learn and accomplish tasks that have been assigned.
- Analytical mindset and good report writing skills.
- Able to prioritise and multi-task in a competitive environment
- A team player.