Manager/Senior Manager, Cyber Security & Technology Risk
The objective of the Technology & Cyber Risk function is to establish and maintain governance and oversight on the effectiveness of technology, information and cyber risk management across NTUC Income and its subsidiaries. Reporting to the Head of the Information Technology Risk & Security (ITRS) department, he/she will have the following responsibilities:

PRIMARY RESPONSIBILITIES
- Support risk governance and oversight on the effectiveness of technology, information or cyber risk management
- Drive the incorporation of relevant regulatory and insurance industry guidelines into existing policy, standards and guidelines
- Provide risk advisory service, including recommendation of risk mitigation options, on technology, information and cyber risks associated with new insurance services, fintech initiatives, outsourcing-related arrangements, regulatory and legal guidelines
- Partner with stakeholders to develop and establish risk management strategies, controls, and programmes to manage significant risks
- Establish baseline monitoring of Key Risk Indicators for exceptions and status reporting to management for IT regulatory compliance and related technology risk matters
- Keep abreast of new technologies and related risks, industry trends, and regulatory requirements relating to technology, information & cyber security
- Participate in IT projects and initiatives to bring a proactive risk management focus into solutions
- Develop and implement risk responses to ensure that risk factors are addressed in a cost-effective manner and in line with business objectives
- Manage a threat and vulnerability management program to include ongoing penetration testing, vulnerability scanning, data loss prevention, and threat assessments
- Work with the Head of ITRS to drive cyber defense strategy and oversight on cyber and information security initiatives
- Drive the organisation-wide technology, information and cyber risk awareness and training program
- Other duties may be assigned.
- Degree holder in Information Technology, Information Systems, Computer Science or equivalent.
- More than 7 years of experience in technology, information or cyber risk management, information security or IT audit in the Financial Services Industry
- Familiar with MAS Technology Risk Management and MAS Cyber Hygiene, MAS Outsourcing, PDPA
- Experience in leading risk assessment and risk reduction initiatives
- Good knowledge and experience with risk management, IT governance and information security management standards
- CISSP, CISA, CRISC or SANS certifications will be an advantage.
- Strong leadership skills in motivating team members and managing stakeholders
- Strong interest in cyber and information security management, and keeping abreast of the dynamic threat landscape
- Solid understanding of IT Risk, Audit and Information Security principles
- Knowledge of information security standards (e.g. ISO 27001, COBIT, NIST, PCI DSS)
- Possess specialized skill sets like vulnerability scanning, penetration testing, server hardening review, malware analysis or forensics
- Strong analytical and problem-solving skills are necessary
- Possess a good working attitude and be self-motivated to learn
- Excellent planning and organisational skills
- Good interpersonal, verbal and written communication skills.
- Strong communication skills to be able to interact with technical and non-technical colleagues
- Essential that the candidate is a team player and able to work independently and proactively