Promote the value and importance of effective IT Governance and assurance on all IT systems which serve SG Branch
Lead the implementation of IT Governance and assurance framework strategy throughout SG Branch IT, where required.
Regulatory Compliance
Monitor and report risk indicators / measures, and ensure timely escalation of the department's operational risk events with mitigating actions to stakeholders and risk committees
Proactively identify, assess and evaluate potential risks for the department to reduce likelihood and impact of occurrence in line with risk appetite
Conduct self-assessments to identify and address control weaknesses and potential risks associated with new business initiatives, process changes and new product or services for the department
Establish and implement controls, assurance and validations to manage risks for the department
Ensure IT policies, procedures and SOPs are updated and aligned with the Bank's risk framework and policies
Perform regulatory gap analysis for new or revised regulatory guidelines impacting IT department, ensuring adequate risk and control are put in place for regulatory compliance
Manage and address regulatory expectations, including audit examinations and queries
Champion Risk & Compliance culture, and provide relevant risk and compliance updates / training / guidance within IT department
Ensure timely assessment, escalation and resolution of operational risk events to minimize potential losses
Conduct deep-dive investigations, identify root causes, and apply mitigating controls from post-incident learnings to prevent recurrence
Provide training and briefing to bank staff on IT governance policies and processes, and technology regulatory requirements, where required.
Maintain registers on IT SOPs, risks, audit findings, non-compliances and formulate IT Risk management reports
Develop / maintain Technology governance SOPs as needed
POC for internal and external audits, and follow up on audit issues to ensure implementation of remediations
Liaise with regulators on technology compliance matters.
Assist business units on related legislation, regulations and standards affecting IT Third Party Risk Management of the Bank
Work with stakeholders to assist in the development and implementation of IT Third Party Risk compliance controls
Validating Data Leakage Prevention & Privileged ID Review samples
Assist Head IT Governance in all ITD Management Governance Meetings to contribute effectively as an SME to help the team in identifying risks, treating the risk, tracking and reporting.
Deputise for Head IT Governance as ITD POC for all Risk Management on IT Risk related topics.
Specialise in specific Risk domains such as Business Risk, Data Risk, Third-party Risk, Business Continuity and/or Project Management Assurance as assigned.
Requirements
Bachelor's degree in computer science or its equivalent
Relevant qualifications in MAS Technology Risk Management Guidelines, Business Continuity Management Guidelines, Outsourcing Guidelines & associated notices (658, FSM-N05, FSM-N06, etc.), Personal Data Protection Act (2020) & Guidelines, and Cloud Governance (based on AWS best-practice pillars and NIST).
Minimum 7 years working experience in Technology Governance
Strong track record in technology risk management, preferably in a banking environment.
Good leadership qualities.
Able to engage stakeholders and develop options for them.
Highly results-oriented and able to work independently.
Ability to build relationships and interact effectively with internal and external parties.
Good analytical, technical, written and verbal communication skills.
Technology and operational risk management leadership.
Risk management policy development.
Technology outsourcing & risk gap assessments.
Expert analytical skills; able to make decisions and exhibit sound and accurate judgment when tackling challenges
Mentor, train and advise colleagues
Consistently consume and contribute to documentation to ensure an up-to-date, relevant body of knowledge that will directly ensure work is done correctly and completely
Exposure/experience in other Technology areas outside of risk management, especially Cloud-related.