Team Head, Technology, Information and Cyber Risk (TICR) & Operational Risk Management
At Bank of Singapore, we are constantly on the lookout for exceptional individuals to join our team. We promote a culture of openness, teamwork and fairness. Most importantly, we invest in our people through our programmes that develop them on both professional and personal levels. Besides attractive remuneration packages, we offer non-financial benefits and opportunities to develop your potential within OCBC Group’s global network of subsidiaries and offices. If you have passion, drive and the will to succeed, rise to the challenge today!
Responsible for establishing and maintaining governance and oversight on the management of technology, information, cyber (TIC) and operational risks within the organisation.
Main Duties
Technology, Information and Cyber Risk (TICR)
- Drive and facilitate discussions in the Technology Risk Management Committee (TRMC), which is responsible for managing the Bank's TIC risks on a group-wide basis.
- Develop, review and maintain TIC risk framework, policies and departmental operating procedures to ensure that they are relevant, up to date and aligned to Group and regulatory standards.
- Roll out and provide guidance / training to business units on TIC risk management methodologies and tools (by leveraging existing operational risk management tools, where possible), to enable business units to manage their TIC risks in a structured, systematic and consistent manner.
- Monitor TIC risk exposures via dashboards and Key Risk Indicators (KRIs) and provide independent reporting on the effectiveness of TIC risk posture or activities to management.
- Plan and deliver a comprehensive TIC risk awareness training and testing program for all staff. This includes the conduct of periodic social engineering tests to reinforce awareness.
- Provide risk advisory services to business units on the adoption of new and emerging technologies (e.g. cloud computing, Fintech, etc.), as well as third party arrangements.
- As a second line of defence, provide an effective challenge on the adequacy, completeness and timeliness of risk assessments and / or action plans that have been put in place to address prevailing and emerging TIC risks. This includes the review of system risk acceptances.
- Lead and / or participate in risk committees and working groups that have been established to enhance governance and oversight over TIC risk matters.
- Lead and / or support internal / cross-functional TIC risk initiatives such as thematic and process reviews, as well as technology projects.
- Work with Operational Risk Partners and relevant stakeholders to strengthen and promote TIC risk awareness.
- Provide guidance and support to Senior Management on TICR matters.
Operational Risk Management
- Provide strategic leadership in the implementation of the operational risk framework to ensure that the operational risk framework components meet the requirements, including regulatory and Group OCBC's expectations
- Lead the awareness and sustenance of operational risk management practices within the Bank
- Set and enforce operational risk management standards and processes for the execution of the operational risk programs such as Self-Assessments etc.
- Collate functional and business requirements and coordinate with the Risk Change team on the implementation of the enterprise governance, risk and compliance system.
- Implement and sustain the data loss prevention programs/initiatives, including email content monitoring.
- Promote collaboration and teamwork with Business Partners and other relevant stakeholders to deepen their awareness and to assist them with risk mitigation strategies across the O&BRM topics.
- Provide guidance and support to Senior Management on operational risk matters.
- Candidates with at least 10 years of relevant experience in information security, technology or cyber risk management in a banking environment preferred.
- Understanding and knowledge of banking processes, operations and regulations (in particular MAS Technology Risk Management Guidelines), as well as ISO 27001.
- Prior experience in leading a team and managing projects / change initiatives would be an added advantage.
- University degree preferred.
- Professional certification in information security, e.g. CISSP, CISM, CRISC, CISA, etc.
- Proficient in Microsoft Office Applications (i.e. Excel, PowerPoint, Word).
- Fluent in English.
- Good communication, presentation and interpersonal skills to facilitate interactions with key stakeholders within and outside of the organisation.
- Able to exercise sound judgment and establish plans to manage the execution of deliverables within the stipulated timelines.
- Self-driven with attitude and aptitude to learn and accomplish tasks that have been assigned.
- Analytical mindset and good report writing skills.
- Able to prioritise and multi-task in a competitive environment
- A team player.