Job Description:

  • As a member of the CISO team, oversee the implementation of the Bank’s Technology Risk Management (TRM) related policies, guidelines, methodologies or initiatives.
  • Support senior management in risk oversight and governance through periodic reporting of the technology risk register / profile / dashboard / Key Performance Indicators (KPIs) or Key Risk Indicators (KRIs).
  • Conduct risk assessments for deviations from TRM policies and facilitate the review and approval process for risk acceptance.
  • Conduct risk assessments of technologies or processes where required, e.g. data sharing, Business Impact Analysis (BIA) or Business Continuity Management (BCM), third party engagement, outsourcing, new product approval, cloud assessment.
  • Participate as part of the incident response team on Information Technology (IT) incident / cyber security incident handling, damage assessment and corrective measures. Review the incident reports submitted to regulators.
  • Conduct gap analysis between new regulations and the Bank's established policies, processes and guidelines to ensure compliance.
  • Facilitate and review the Technology Risk Control Self Assessment (RCSA).
  • Perform independent reviews of critical technology / cyber risks and identify areas for improvement, e.g. network architecture design, firewall/network device configurations and Vulnerability Assessment and Penetration Testing (VA/PT) findings.
  • Conduct technology / cyber risk awareness training.
  • Coordinate the internal and external audit projects.


Requirements:

  • Bachelor's degree in IT, computing, Information Systems or any related domains.
  • 7 or more years of experience in any of these disciplines: Information security, risk management, audit and compliance in technology areas.
  • Sound knowledge of technology risk regulatory requirements (e.g. MAS Notice 644, 655, and TRM guidelines) and industry standards such as ITIL, SANS, NIST, ISO 27001/2, Cyber Security Act.
  • Extensive work experience in CSIRT, network security, IPS/IDS/firewall, DLP tools and risk assessment of vulnerability assessment & penetration test findings.
  • Strong oral and written communication skills and the ability to engage senior stakeholders.
  • Clear analytical thought process and good understanding of emerging technology developments and risk management frameworks.
  • Professional certification such as CISSP/CISA/CISM/CRISC would be advantageous.
