Company Overview

My client is a well‑established Japanese financial institution with a strong presence in trust banking and related financial services. The organisation operates in a highly regulated environment and places strong emphasis on sound governance, technology risk management, and information security controls. With close coordination between local operations and head office, the bank maintains a structured, audit‑ready control environment to meet regulatory and supervisory expectations across its jurisdictions.

Role & Responsibilities

Technology Risk, Security & Governance

Provide structured support in the execution of Technology Risk Management activities in alignment with MAS Technology Risk Management (TRM) Guidelines and internal head office policies.
Assist in maintaining a mature, well‑governed IT control environment through disciplined processes, documentation, and adherence to established operating frameworks.
Support second‑line oversight activities across technology risk and information security, ensuring consistent application of governance practices.
Contribute to the maintenance and review of technology and information security policies, procedures, and standards to ensure they remain current, accurate, and audit‑ready.
Perform policy, procedure, and control reviews and support gap analysis against applicable regulatory and internal requirements.

Regulatory Compliance & Audit Support

Develop and maintain a working understanding of MAS regulations, notices, guidelines, and circulars relevant to technology risk and cybersecurity.
Assist in performing gap assessments against regulatory requirements and tracking remediation actions to closure.
Support internal and external audits, regulatory examinations, and inspections by preparing documentation, evidence, and management responses.
Coordinate with head office technology risk and cybersecurity teams on regulatory assessments, reviews, and compliance initiatives.

Risk Assessment, Monitoring & Reporting

Support the operation and maintenance of the Technology Risk Framework, including technology risk registers, critical system assessments, and business continuity planning activities.
Assist in technology risk assessments, control reviews, and remediation tracking across IT and outsourced service providers.
Monitor selected IT and security controls (e.g. patching, vulnerability notices, access management, segregation of duties) and support escalation where required.
Contribute to management and committee reporting related to technology risk, cybersecurity posture, and regulatory compliance.

Vendor & Outsourcing Governance

Support vendor and outsourcing governance activities in accordance with MAS Outsourcing Guidelines.
Assist with due diligence reviews, contract and SLA monitoring, and periodic vendor assessments.
Review and validate technology risk and control responses provided by IT vendors and third‑party service providers, including outsourced arrangements managed by non‑IT functions.

Advisory & Stakeholder Engagement

Work closely with internal IT teams, business stakeholders, and head office counterparts to support risk assessments, system changes, and governance initiatives.
Support cybersecurity awareness activities and management‑level exercises, including tabletop or scenario‑based discussions.
Perform other technology risk and cybersecurity‑related duties as assigned, under guidance from senior team members.

Requirements / Qualifications

Diploma or Bachelor's degree in Information Technology, Cybersecurity, Computer Science, Engineering, or a related discipline.
Professional certifications such as CISA, CISM, CISSP, CRISC, or equivalent are advantageous.
1-3 years of relevant experience in Technology Risk Management, IT Risk, IT Audit, Cybersecurity Governance, or related functions within banking or a regulated industry.
Foundational understanding of regulatory IT risk and security frameworks such as MAS TRM, NIST CSF, ISO 27001, SOC 2, or equivalent.
Basic technical knowledge across networks, operating systems, access controls, and security controls sufficient to support risk and control assessments.
Experience supporting or participating in audits, regulatory inspections, or compliance activities is preferred.

Jaspreet Kaur Sran (R22109724)
JAC Recruitment Pte. Ltd (90C3026)
#LI-JACSG

ASSISTANT MANAGER - IT RISK AND CYBER SECURITY GOVERNANCE