Location:Singapore, SG

Job Function: Chief Operating Officer’s Office

Job Type: Permanent

Req ID: 16123

• Formulate and maintain cyber, information and technology risk policies, standards and guidelines for the firm
• Act as a domain expert and trusted partner in information and technology risk; work closely with Information and Technology Risk Officers and stakeholders in various functions to enforce information and technology risk management policies and standards
• Enhance and finetune IT risk assessment methodology and processes
• Conduct regular awareness training for staff on cyber, information and technology risks, including policies, standards and relevant topics; periodically publish security awareness articles
• Conduct periodic and ad-hoc assessments to monitor compliance with security policy and security controls design and operating effectiveness; review information and technology risk, audit and operational risk issues to identify root causes and trends, and recommend appropriate remediation
• Define and execute the program of work for information and technology risk management, including budgeting, prioritization, resource allocation, and coordination with internal and external partners
• Identify and assess emerging risks, and devise effective mitigating controls together with stakeholders
• Work closely with peers in TG, and partner with Operational Risk Management (ORM) in monitoring operational risk tolerance metrics, operational risk events and control deficiencies, as well as reporting and escalations to relevant Risk Committees

• Bachelor's Degree in Information Technology, Computer Science, Engineering or equivalent
• More than 5 years of relevant experience in financial services industries, with minimum 3 years in risk functions involving Information, Technology and Cyber Security risk
• Professional knowledge and experience with industry Information, Technology Risk or Cyber Security management frameworks
• Equipped with professional business partnership and virtual team management experiences
• Strong influencing, problem solving, analytical and interpersonal skills
• Experience in organisation IT risk appetite and key risk indicator management, monthly data driven report generation and presentation to senior management, and independent assessment of incident root cause analysis will be required
• Possession of professional qualifications - CISM, CRISC, PMP, CISA, CISSP, CSX – will be advantageous
• Experience in implementing data-driven controls automation checks through coding and scripting in Python, Audit Command Language (ACL) will be advantageous