Position Summary
This role is responsible for defining, formulating and executing risk policies, processes and procedures for the organization, covering IT Risk. It sits in the Second Line and works closely with various stakeholders, including line departments, Line 1.5 roles and Audit. In addition, it is a key role that supports the Board Risk Committees.
Key Responsibilities
- Provide leadership, with a focus on advising on sound risk management practices and on enhancing and developing risk frameworks, policies, processes and procedures to facilitate effective risk management
- Interface with and provide timely updates on IT Risks to Senior Management Committees
- Chair the IT Risk Committee meetings to provide oversight and governance on IT risk matters
- Conduct RCSA, Control Testing, Review and Challenge on IT Risk assessment and related matters
- Proactively engage internal stakeholders to drive risk awareness within the organisation and provide guidance on risk-related matters
Requirements
- At least 10 years of experience in IT risk management - specifically IT, Cloud and cyber risks, including ITDR
- Familiarity with RCSA, control testing, and review and challenge of presented risks is a must
- Strong working knowledge of risk management principles and MAS Guidelines, including Technology Risk Management Guidelines, Cyber Hygiene Notice, etc.
- Experience dealing with Senior Management, Auditors and Regulator
- Candidates with relevant experience in the financial/banking/payment industry or in a highly regulated environment are preferred
- Certifications such as CISA, CRISC, CISM, CISSP, CCSP, CEH or any other relevant certification will be an advantage
- Excellent problem-solving skills and ability to prioritize and manage multiple tasks
- Proactive leader and team player with the ability to work independently with minimal supervision
- Excellent communication (both spoken and written), presentation and business writing skills, attention to detail and ability to perform deep-dive investigations