VP, Technology Risk Management, RMG

작업 내용

Job Purpose:

This position reports directly to Country Head of Technology Risk Management in DBS to ensure that the Line 2 (2nd line of defence) can provide a supplementary viewpoint in the risk assessment when issues arise. By performing as a team of risk management professionals, you will play a crucial role in safeguarding the bank’s reputation, assets, and customer data against potential technological threats and vulnerabilities.

Key Responsibilities:

Risk Assessment and Management:

· Identify, evaluate, and prioritize potential technology-related risks across the bank’s IT environment in accordance to the Group’s technology risk management framework.

· Conduct regular risk assessments to evaluate the effectiveness of existing controls and identify areas for improvement.

· Collaborate with other departments, such as IT, cybersecurity, compliance, and business units, to ensure a coordinated approach to technology risk management.

Technology Policy and Standards:

· Implement governance around key processes, and adequacy of frameworks and policies for technology risk management and ensure these are aligned with industry best practices and regulatory requirements.

· Ensure compliance with relevant laws, regulations, and internal policies relating to technology risk management.

Incident Response and Crisis Management:

· Develop and execute incident response plans to handle technology-related incidents, including cyberattacks, data breaches, system failures, and other IT-related disruptions.

· Lead the response and recovery efforts during crisis situations to minimize the impact on the bank’s operations and customers.

Risk Mitigation and Control Implementation:

· Propose and implement risk mitigation strategies to reduce the bank’s exposure to potential technology risks.

· Monitor the implementation and effectiveness of controls and measures to safeguard the bank’s technology assets and data.

Reporting and Communication:

· Prepare regular risk reports for senior management and the board of directors, highlighting key technology risk issues, trends, and remediation actions.

· Communicate risk-related matters to various stakeholders, including executive management, business units, auditors, and regulatory bodies.

Emerging Technology Risk Analysis:

· Stay up-to-date with the latest technological advancements and industry trends to identify and assess potential risks associated with new technologies.

· Advise on the adoption of emerging technologies with a focus on managing associated risks effectively.

Alert Monitoring and Stress Testing

• Work with Line 1 (first line of defence) to determine the threshold standard to monitor alerts. Challenge the LOBTs on the monitoring and define scenarios for stress-testing. Monitor and ensure all flagged issues are tracked to closure.
• Participate in stress testing for various disaster recovery scenarios on an adhoc or periodic basis, taking a more thoughtful view at a higher level of what should be tested, including (i) observability (figure out what is happening e.g. is system available/working ok) (ii) scenarios for disaster recovery, and (iii) potential thought experiments (what happens in certain scenarios and whether these scenarios have been tested).

Requirement:

· Bachelor’s or Master’s degree in Information Technology, Computer Science, Risk Management, or a related field.

· Significant experience in technology risk management, information security, IT auditing, or a related discipline, preferably within the financial services industry.

· Proven leadership and management experience, with the ability to guide and motivate a team effectively.

· Strong understanding of IT infrastructure, applications, cybersecurity principles, and technology-related regulations and standards. Domain expertise in one or more of these areas preferred.

· Familiarity with industry frameworks and methodologies for technology risk management, such as NIST Cybersecurity Framework, ISO 27001, and COBIT.

· Excellent analytical and problem-solving skills, with a keen eye for detail.

· Exceptional communication and presentation abilities, with the capability to convey complex technical concepts to non-technical stakeholders.

• · Professional certifications such as CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), or CRISC (Certified in Risk and Information Systems Control) are advantageous.