Company Overview
My client is a well‑established Japanese financial institution with a strong presence in trust banking and related financial services. The organisation operates in a highly regulated environment and places strong emphasis on sound governance, technology risk management, and information security controls. With close coordination between local operations and head office, the bank maintains a structured, audit‑ready control environment to meet regulatory and supervisory expectations across its jurisdictions.
Role & Responsibilities
Technology Risk, Security & Governance
- Provide structured support in the execution of Technology Risk Management activities in alignment with MAS Technology Risk Management (TRM) Guidelines and internal head office policies.
- Assist in maintaining a mature, well‑governed IT control environment through disciplined processes, documentation, and adherence to established operating frameworks.
- Support second‑line oversight activities across technology risk and information security, ensuring consistent application of governance practices.
- Contribute to the maintenance and review of technology and information security policies, procedures, and standards to ensure they remain current, accurate, and audit‑ready.
- Perform policy, procedure, and control reviews and support gap analysis against applicable regulatory and internal requirements.
Regulatory Compliance & Audit Support
- Develop and maintain a working understanding of MAS regulations, notices, guidelines, and circulars relevant to technology risk and cybersecurity.
- Assist in performing gap assessments against regulatory requirements and tracking remediation actions to closure.
- Support internal and external audits, regulatory examinations, and inspections by preparing documentation, evidence, and management responses.
- Coordinate with head office technology risk and cybersecurity teams on regulatory assessments, reviews, and compliance initiatives.
Risk Assessment, Monitoring & Reporting
- Support the operation and maintenance of the Technology Risk Framework, including technology risk registers, critical system assessments, and business continuity planning activities.
- Assist in technology risk assessments, control reviews, and remediation tracking across IT and outsourced service providers.
- Monitor selected IT and security controls (e.g. patching, vulnerability notices, access management, segregation of duties) and support escalation where required.
- Contribute to management and committee reporting related to technology risk, cybersecurity posture, and regulatory compliance.
Vendor & Outsourcing Governance
- Support vendor and outsourcing governance activities in accordance with MAS Outsourcing Guidelines.
- Assist with due diligence reviews, contract and SLA monitoring, and periodic vendor assessments.
- Review and validate technology risk and control responses provided by IT vendors and third‑party service providers, including outsourced arrangements managed by non‑IT functions.
Advisory & Stakeholder Engagement
- Work closely with internal IT teams, business stakeholders, and head office counterparts to support risk assessments, system changes, and governance initiatives.
- Support cybersecurity awareness activities and management‑level exercises, including tabletop or scenario‑based discussions.
- Perform other technology risk and cybersecurity‑related duties as assigned, under guidance from senior team members.
Requirements / Qualifications
- Diploma or Bachelor's degree in Information Technology, Cybersecurity, Computer Science, Engineering, or a related discipline.
- Professional certifications such as CISA, CISM, CISSP, CRISC, or equivalent are advantageous.
- 1–3 years of relevant experience in Technology Risk Management, IT Risk, IT Audit, Cybersecurity Governance, or related functions within banking or a regulated industry.
- Foundational understanding of regulatory IT risk and security frameworks such as MAS TRM, NIST CSF, ISO 27001, SOC 2, or equivalent.
- Basic technical knowledge across networks, operating systems, access controls, and security controls sufficient to support risk and control assessments.
- Experience supporting or participating in audits, regulatory inspections, or compliance activities is preferred.
Jaspreet Kaur Sran (R22109724)
JAC Recruitment Pte. Ltd (90C3026)