HCL TechBee

Functional Consultant – IT Risk & Governance, Risk & Compliance (GRC)

5-7 Years
  • Posted 16 hours ago

Job Description

Job Purpose

To provide expert functional consulting in IT risk management, threat management, and security governance/compliance for UOBAM. The role focuses on risk assessment, regulatory compliance, policy development, and stakeholder advisory, supporting the organization's security and governance objectives.

Key Responsibilities

  • IT Risk & Threat Management
      • Conduct IT security risk assessments across systems and technology layers.
      • Identify, evaluate, and communicate risks; recommend and track mitigation actions.
      • Perform threat modeling and analysis to support risk-based decision making.
      • Manage and report on technology obsolescence risks.
  • Security & Governance Risk Compliance
      • Ensure compliance with regulatory and industry frameworks (e.g., ISO 27001, MAS TRM, NIST, CCM).
      • Support internal and external audits, compliance reviews, and regulatory reporting.
      • Develop, maintain, and enhance security policies, checklists, and guidelines.
      • Participate in and support security governance committees.
  • Stakeholder Management & Advisory
      • Advise and influence both technical and non-technical stakeholders on security risk matters.
      • Collaborate with business and technology teams to ensure risks are understood and managed.
      • Guide and support subsidiaries or business units on IT security risk management.
  • Continuous Improvement
      • Drive process improvements, automation, and digitization for effective risk management.
      • Stay updated on security trends, threats, and regulatory changes.

Requirements

  • Education: Bachelor's degree in Computer Science, Information Technology, or a related field.

Experience:

  • Minimum 5 years in IT risk management, information security, or GRC roles (preferably in banking or financial services).
  • Hands-on experience with risk assessment, threat modeling, and compliance management.
  • Proven track record in developing and implementing security policies and governance processes.

Knowledge & Skills:

  • Deep understanding of regulatory frameworks (ISO 27001, MAS TRM, NIST, CCM, etc.).
  • Strong stakeholder management, communication, and presentation skills.
  • Experience supporting audits and regulatory reviews.
  • Ability to simplify complex risk and compliance issues for business decision-making.

Certifications (Preferred):

  • CISSP, CISA, CISM, ISO 27001 Lead Auditor/Implementer, or equivalent.

Soft Skills:

  • Strong analytical and problem-solving abilities.
  • Proactive, collaborative, and able to work independently.
  • Leadership in driving initiatives and process improvements.

Preferred Experience

  • Prior experience in the banking or financial services sector.
  • Exposure to regional regulatory requirements (e.g., MAS TRM).
  • Experience in supporting multi-country or regional subsidiaries.

Job ID: 146968033
