Head of IT Governance SG

Responsibilities:

• Support the driving and implementation of strategic initiatives and programs by Group and the local Management and, thereafter, to support relevant governance and oversight activities of such programs. These programs include:
  • Management Self-Identified Issues (MSII), 
  • Risk and Control Self-Assessment (RCSA), 
  • Technology Risk Appetite Statement (TRAS) and 
  • IT related outsourcing review
• Guide IT staff on the MSII, RCSA and TRAS programs including the development of relevant awareness, advising them on deviations to be raised in accordance with established criteria and process as well as to ensure these are processed centrally in an efficient and effective manner.
• Prepare reports on the current Information Security, Risk and Compliance postures, identify compliance gaps and develop corrective actions to remediate the gaps, follow up on the remediation with the control owners and report to Senior Management.
• Co-ordinates on all MAS Notices (including MAS Notice FSM-N05, Notice FSM-N06, MAS 658) and Guidelines (including Technology Risk Management Guidelines and Outsourcing Guidelines) to ensure conformance and compliance.
• Act as 1.5Line of Defence (LoD) to support and supplement the bank’s 3LoD model.
• Track and manage the expected quality attributes and the assessment metrics for project deliverables based on QC standards.
• Perform quality assurance to ensure project activities and deliverables comply with the bank’s policies, procedures and standards.
• Other main roles include
  • Appointed DCORO, Data Steward for IT, and Data Protection Officer (DPO)
  • Reviewing of standards and procedures across the different pillars in IT to ensure effective compliance with Group Policies and Regulator’s requirements.
  • Liaise with internal and external Auditors to oversee the audits and to ensure timely remediation and closure of audit observations.
  • Partner with Senior IT Management to continuously drive process improvement in areas where controls do not adequately mitigate risks. 
  • Involving & contributing to key incidents, threats and outages, and contribute in task force/management decisions.
  • Administer and manage IT related risks in the Bank Risk Register that contain Control Issue Management (CIM), Key Risk Indicators (KRI). Loss Events (LED) and Risk and Control Self-Assessment (RCSA). 

Requirements:

• Min. Bachelor degree in Information Systems or its equivalent.
• At least 12+ years’ experience in infrastructure and technology risk management (at least 2 years in a leading role).
• Strong track record in technology risk management, preferably in a banking environment. 
• Good leadership qualities.
• Able to engage stakeholders and develop options for them.
• Highly result oriented and can work independently.
• Ability to build relationship and interact effectively with internal and external parties.
• Good analytical, technical, written and verbal communication skills.
• Technology and operational risk management leadership. 
• Technology outsourcing & risk gap assessments. 
• MAS Technology Risk Management expertise.