Role Summary
We are seeking a detail-oriented and governance-focused Technology Risk & Governance Analyst to support the execution of the enterprise risk framework, with a specific emphasis on technology-related risks. This role sits within the 2nd Line of Defence (2LOD) and works closely with the Cybersecurity Implementation Lead (1.5LOD) to ensure that technology risks are identified, assessed, documented, and monitored in alignment with MAS regulations and ISO 31000 principles.
The ideal candidate will be a strong executor, able to translate regulatory and risk requirements into practical workflows, maintain governance documentation, and support risk owners across the business. This role does not require direct engagement with senior management or the Audit Committee, which will be handled by the VP, Enterprise Risk.
Key Responsibilities
Technology Risk Oversight
- Maintain a centralized repository of technology risk exceptions and deviations, ensuring traceability and audit readiness.
- Assess and monitor the technology risk profile, including vulnerabilities, incidents, control gaps, and emerging threats.
- Align technology risk controls with CIS (Center for Internet Security) benchmarks and relevant industry standards.
- Support risk assessments for new systems, technologies, and change initiatives, ensuring compliance with MAS TRM Guidelines.
- Manage the authorized software inventory and oversee the approval request process for new technology tools and platforms.
- Collaborate with the Cybersecurity Implementation Lead (1.5LOD) to ensure cyber initiatives are prioritized based on risk exposure and business impact.
Enterprise Risk Framework Execution
- Conduct and support other risk assessments across business processes, third-party outsourcing arrangements, and regulatory updates, including Risk and Control Self-Assessments (RCSAs).
- Maintain and continuously update risk registers in partnership with risk owners, ensuring completeness and alignment with the enterprise risk taxonomy.
- Utilize Microsoft Power BI to generate dashboards and reports that provide insights into risk trends and control effectiveness.
- Assist in the review of risk policies, procedures, templates, and governance documentation.
Governance & Documentation
- Draft and maintain minutes for Steering Committee and Audit Committee meetings.
- Track and follow up on risk-related action items from meetings.
- Ensure proper record-keeping of risk assessments, exceptions, and approvals for audit readiness.
Qualifications & Experience
- Bachelor's degree in Risk Management, Information Systems, Business, or related field.
- 5+ years of experience in risk management, governance, or compliance, preferably in financial services or FinTech.
- Familiarity with ISO 31000, MAS TRM Guidelines, and MAS Outsourcing Guidelines.
- Strong documentation and stakeholder coordination skills.
- Ability to understand and contextualize technology risks without needing deep technical expertise.