The Assistant Manager, Third Party & Technology Risk, is responsible for providing second-line-of-defence (2LoD) oversight and challenge of technology risk and third‑party arrangements. The role ensures third‑party and technology risks are consistently identified, assessed, challenged, monitored, and escalated, in line with internal policies, risk appetite, and regulatory expectations.
Key Responsibilities
1. Third‑Party Risk Oversight
- Provide 2LoD review and challenge over third‑party risk assessments. Assess inherent and residual risk, adequacy of controls, and quality of risk conclusions.
- Advise business and contract owners on risk scoping, applicability, exemptions, and re‑assessment triggers, including non‑traditional third‑party arrangements.
- Ensure alignment with regulatory requirements such as MAS circulars on management of third party arrangements.
2. Technology Risk Management & Due Diligence (2LoD)
- Provide independent oversight and challenge of technology risk due diligence
- Review key technology risk domains, including:
  - Information security and cyber risk
  - Identity, access, and privileged access management
  - Vulnerability, patching, and security testing
  - Incident management and notification readiness
  - IT resilience, BCM, and recoverability
  - SDLC, change, migration, and cutover risks
- Challenge unsupported risk acceptances, weak compensating controls, and control assumptions lacking evidence.
3. Project, Change, and Transformation Oversight
- Provide 2LoD technology risk oversight for material projects, system implementations, migrations, and decommissioning activities. Escalate material risks where residual exposure is inconsistent with risk appetite.
4. Monitoring, Issues, and Escalation
- Oversee ongoing monitoring of third‑party and technology risks
- Review and challenge risk issues, deviations, and time‑bound risk acceptances.
- Identify themes, systemic weaknesses and key risk indicators for escalation to management and risk committees.
5. Incidents
- Provide 2LoD oversight of technology and third‑party incidents, ensuring root causes and corrective actions address underlying control gaps.
6. Governance, Advisory, and Continuous Improvement
- Act as a trusted risk advisor and effective challenger to other business units, IT, Compliance, Legal, Procurement, and Risk teams.
- Contribute to the enhancement of technology risk and third‑party risk policies, standards, guidance, and reporting.
- Support audits, regulatory reviews, and senior management queries relating to technology and third‑party risk.
Qualifications:
- Degree in Information Technology, Information Systems, Accountancy or Business Administration, or a recognised professional qualification.
- 6–10 years' experience in technology risk, third‑party risk or IT audit. Prior experience in financial institutions and/or a 2LoD oversight or challenge role will be preferred.
- Strong understanding of technology, cyber, and third‑party risk management.
- Ability to engage senior stakeholders while maintaining independent risk judgement.
- Analytical and structured, with excellent communication skills.
- Strong project management and facilitation skills.