Risk Manager, Technology Information Security (Associate Director)

  • Competitive
  • Singapore Singapore Singapore SG
  • Permanent, Full time
  • Bank of Singapore
  • 18 Sep 18 2018-09-18

Risk Manager, Technology Information Security (Associate Director)

At Bank of Singapore, we are constantly on the lookout for exceptional individuals to join our team. We promote a culture of openness, teamwork and fairness. Most importantly, we invest in our people through our programmes that develop them on both professional and personal levels. Besides attractive remuneration packages, we offer non-financial benefits and opportunities to develop your potential within OCBC Group’s global network of subsidiaries and offices. If you have passion, drive and the will to succeed, rise to the challenge today!

  • Establish and maintain effective governance and oversight over the management of technology, information and cyber (TIC) risks.
  • Drive and facilitate discussions in the Technology Risk Management Committee (TRMC), which is responsible for managing the Bank's TIC risks on a group-wide basis.
  • Develop, review and maintain TIC risk framework, policies and departmental operating procedures to ensure that they are relevant, up to date and aligned to Group and regulatory standards.
  • Roll-out and provide guidance / training to business units on TIC risk management methodologies and tools (by leveraging on existing operational risk management tools, where possible) to enable the business units to manage their TIC risks in a structured, systematic and consistent manner.
  • Establish dashboards and Key Risk Indicators (KRIs) to provide independent reporting on effectiveness of TIC risk posture or activities to management.
  • Plan and deliver a comprehensive TIC risk awareness training and testing program for all staff. This includes the conduct of periodic social engineering tests promote awareness and measure staff susceptibility rate.
  • Provide risk advisory services to business units on the adoption of new and emerging technologies (e.g. cloud computing, Fintech etc), as well as outsourcing arrangements involving technology.
  • As a second line of defence, provide an effective challenge on the adequacy, completeness and timeliness of risk assessments and / or action plans that have been put in place to address prevailing and emerging TlC risks. This includes the review of system risk acceptances.
  • Lead and / or participate in risk committees and working groups that have been established to enhance governance and oversight over TIC risks matters.
  • Lead and / or support internal / cross-functional TIC risks initiatives such as thematic and process reviews, as well as technology projects.
  • Work with Operational Risk Partners and relevant stakeholders to strengthen and promote TIC risk awareness.
  • Oversee Email and Endpoint Content Monitoring operations and activities.


Qualifications
  • University degree.
  • Candidates with at least 7 years of relevant experience in information security, technology or cyber risk management in a banking environment preferred.
  • Professional certification in information security. E.g. CISSP, CISM, CRISC, CISA etc.
  • Understanding and knowledge of banking processes, operations and regulations (in particular MAS Technology Risk Management Guidelines), as well as ISO 27001.
  • Good communication, presentation and interpersonal skills to facilitate interactions with key stakeholders within and outside of the organisation.
  • Able to exercise sound judgment and establish plans to manage the execution of deliverables within the stipulated timelines.
Reporting to:
  • Team Lead, Technology Information Security Risk, ORM