TISR Analyst - Technology & Information Security Risk (Operational Risk Management)

TISR Analyst - Technology & Information Security Risk (Operational Risk Management)

About the job - roles & responsibilities

The objective of the Technology & Information Security Risk (TISR) function is to establish and maintain governance and oversight on the effectiveness of technology risk and information security risk management for the OCBC Group.

The TISR Analyst role will have the following responsibilities:

  • Maintain and support the collection and analysis of risk metrics independently from existing control assurance functions and systems to form the basis of reporting into the TISR Dashboard;
  • Review technology and information security metrics from Group Operation & Technology against independently collected metrics and audit reports to determine any systemic issues in existing controls;
  • Provide effective challenge on risk control activities, timeliness and completeness of mitigation/ action plans against known and emerging risks or prevailing cyber threat intelligence;
  • Lead or participate in the review on technology and information security focus areas where effectiveness of controls requires improvements;
  • Support the regular risk reporting to CRO, CEO and BRMC on the technology and information security risk landscape with change factors to response to critical risks, where required, and escalate any un-mitigated key risk issues


1. Experience required:
a. At least 2 years of experience in technology, information or operational risk management in Financial Services Industry would be useful.
b. Understanding of technology risk management concepts, analyse risks and impact and how technology risks can be managed.
c. Good program or project management experience.
d. Good knowledge of IT management controls, processes and best practices. Familiar with technology standards, such as ITIL and regulatory guidelines (Singapore and regional Asia). Knowledge of ISO 27001 is good-to-have.
e. Good written and communication skills with ability to interact and engage with all levels of management.
f. Good influencing skills within the team, department, across departments and various levels of management
g. Ability to work well under pressure and respond to tight deadlines including exercise excellent judgment in setting priorities
h. A self-starter, work independently with limited guidance, solution orientated and team player

2. Education:
  1. University degree (Bachelor or Master level) in technology or information security related studies