- As a member of the CISO team, oversee the implementation of the Bank’s Technology Risk Management (TRM) related policies, guidelines, methodologies or initiatives.
- Support senior management in risk oversight and governance through periodic reporting of the technology risk register / profile / dashboard / Key Performance Indicators (KPIs) or Key Risk Indicators (KRIs).
- Conduct risk assessment for deviations of TRM policies and facilitate the review and approval process of risk acceptance.
- Conduct risk assessments of technologies or processes where required, e.g. data sharing, Business Impact Analysis (BIA) or Business Continuity Management (BCM), third party engagement, outsourcing, new product approval, cloud assessment.
- Participate as part of the incident response team on Information Technology (IT) incident / cyber security incident handling, damage assessment and corrective measures. Review the incident reports submitted to regulators.
- Conduct gap analysis between new regulations and the Bank's established policies, processes and guidelines to ensure compliance.
- Facilitate and review the Technology Risk Control Self Assessment (RCSA).
- Perform independent reviews of critical technology / cyber risks and identify areas for improvement, e.g. network architecture design, firewall / network device configurations and Vulnerability Assessment and Penetration Testing (VA/PT) findings.
- Conduct technology / cyber risk awareness training.
- Coordinate the internal and external audit projects.
- Bachelor's degree in IT, computing, Information Systems or any related domains.
- 7 or more years of experience in any of these disciplines: Information security, risk management, audit and compliance in technology areas.
- Sound knowledge of technology risk regulatory requirements (e.g. MAS Notice 644, 655, and TRM guidelines) and industry standards such as ITIL, SANS, NIST, ISO 27001/2, Cyber Security Act.
- Extensive work experience in CSIRT, network security, IPS/IDS/firewall, DLP tools and risk assessment of vulnerability assessment & penetration test findings.
- Strong oral and written communication skills and the ability to engage senior stakeholders.
- Clear analytical thought process and good understanding of emerging technology developments and risk management frameworks.
- Professional certification such as CISSP/CISA/CISM/CRISC would be advantageous.