Business Function
Risk Management Group works closely with our business partners to manage the bank's risk exposure by balancing its objective to maximise returns against an acceptable risk profile. We partner with origination teams to provide financing, investments and hedging opportunities to our customers. To manage risk effectively and run a successful business, we invest significantly in our people and infrastructure.
Technology is key to enabling the DBS vision of being the leading bank in Asia. We are constantly challenged by ever changing technology landscape, increasing customer sophistication / demands and introduction of new / updated regulatory requirements. We need passionate Technology Risk Managers who play a high impact role as second line function in enhancing the bank's technology risk and cybersecurity posture.
This includes identifying potential technology and cybersecurity risks associated with existing, evolving and new technology systems and business processes, assessing potential impacts and engaging with other technology leaders on the risk treatment options based on enterprise risk appetite. Risks and mitigation plans are reported to senior leadership for review and attention.
The Role
Cross-discipline exposure to open source, virtualization/cloud, automated processes, platform, middleware technologies, storage, database, network, desktops, servers, security, DevOps, etc., are essential for this position. The incumbent is a driven, self-starter, who plays an active role working in a dynamic environment with the Technology risk teams to conduct independent assurance of risk management and drive IT risk management initiatives. The role is expected to have a proven record of positively influencing stakeholders at all levels of the organisation and is responsible to promote risk culture.
Additionally, the incumbent needs to have analytical skills to assess information and identify potential risks, possess problem-solving skills to be able to determine how to reduce those risks, and introduce more forward-looking measures of risk.
The Incumbent should be inquisitive on risks and controls issues and rationalize their mitigation. Communication skills are important to inform management about potential risk issues, provide actionable reports, including articulating impact on policy changes. There will be frequent opportunities to represent Technology Risk's view in risk forums and different levels of risk committees. The demands and high-visibility nature of this position require an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately.
Responsibilities
- Work with stakeholders across Group Technology to manage Technology Risks relating to cybersecurity and cloud infrastructure.
- Partner with first line peers to succinctly assess, frame and report on cybersecurity and cloud infrastructure risks relative to risk appetite.
- Ability to review and challenge cybersecurity and cloud infrastructure resiliency design, define and initiate stress testing against various risk scenarios.
- Ability to use analytical thinking to identify security gaps, risks, control issues and propose / review mitigation strategies.
- Conduct independent assurance to evaluate effectiveness of IT controls.
- Perform thematic second line assurance reviews, including short and targeted focused reviews for areas of topical and key concern.
- Oversight of remediation of issues arising from first line identification of control deficiencies, internal and external incidents, including deep dive reviews to identify root cause.
- Demonstrate strong judgment to balance being both a trusted advisor to the business and driving effective challenge.
- Champion risk awareness and best practices with various stakeholders to uplift risk culture in the organisation.
- Enhance the business' understanding of regulatory/compliance requirements and the implications to individual initiatives and the broader firm.
- Provide robust risk management oversight in supporting various internal, external audits and regulatory inspections / examinations.
- Monitor outstanding risk items and audit issues to ensure proper ownership and follow-up.
- Ability to work independently, prepare and write comprehensive reports for senior management on technology risk management activities and risk events for presentation to risk committees.
- Ability to communicate complex technology risk concepts in a clear and concise manner.
- Mentor more junior members of the team.
- Stay current on emerging cyber threats and potential implications to the organisation.
Requirements- Degree holder in Information Technology, Computer Science or related discipline.
- Minimum 10-15 years of working experience in relevant field.
- Professional memberships and security certifications would be considered favourably (e.g., CISA, CISSP, CISM, CCSP, etc.):
- Professional security or risk management certifications.
- Certified Risk & Information Systems Control (CRISC).
- Certified Cloud Security Professional (CCSP).
- Certifications related to SRE such as SRE Practitioner. Moderate to master proficiency in leadership skills, developing & coaching, communication, business focus, planning & organising, teamwork & collaboration, and problem solving. Change/innovation oriented, takes ownership of results, and is customer focused. Strong proficiency in technical/product expertise and knowledge in relevant fields.
- (1) Technical Experience
- IT professional with good understanding of technology platform with specialisation in cloud and security domains
- Hands on experience assessing or building controls for AWS, GCP, Azure or other cloud services.
- Experienced with technical security solutions surrounding various technologies such as but not limited to: IDS, IPS, firewall management, anti-virus, content filtering, secure email solutions, network sniffing, log management & analysis, forensics, VPN, load balancing, routing, switching and network management.
- Prior experience in either banking, IT risk management, security-related, or cloud-related
- Sound knowledge in regulatory requirements (e.g. MAS Notice 644, 655, and TRM guidelines) and industry standards/ frameworks such as ITIL, SANS, COBIT, NIST, ISO 27001/2, Cyber Security Act, Banking Act, Personal Data Protection Act.
- (2) Non-Technical Experience
- Superb interpersonal and communication skills that include active listening, writing and executive presentation skills.
- Excellent influencing and persuasion skills
- Proven critical analytical, including and the ability to express a point of view supported by data (with both technical and non-technical audiences)
- Comfort raising concerns early and knows when to escalate, including the ability to raise issues and facilitate constructive problem-solving at all levels of the organization.
- Experience in a first-line role at a financial institution or regulatory agency (preferred)
- Good planning and other project management skills, including strong organisation skills.
- Must be solutions oriented; ability to work with all levels of management and staff.
- Self-driven, passionate about hands-on learning on emerging technologies and its risks.
- Self-starter, performance-oriented individuals
- Passionate about driving change through innovation.
- General understanding of overall banking business
- (3) Work Relationship
- Support the Head of Unit in discharging the responsibilities of the team.
- Strong ability in knowledge sharing with peers.
- Contribute as a member of Team and collaborate with fellow team members and technology managers.
- Develop relationships with peer in the technology organisation.
Apply NowWe offer a competitive salary and benefits package and the professional advantages of a dynamic environment that supports your development and recognizes your achievements.
Boost your career
Find thousands of job opportunities by signing up to eFinancialCareers today.