A well-established financial institution is seeking a Technology Risk Manager to join its second line of defence risk function. This is a broad-mandate role encompassing technology risk, operational resilience, and third-party risk management, suited to a candidate who brings both technical grounding and a working familiarity with applicable regulatory frameworks across Singapore and Hong Kong.
What You'll Be Doing
- Developing and maintaining the organisation's technology risk framework and policies, providing independent oversight of technology risk-taking activities across the institution
- Challenging and providing credible oversight of first line technology risk assessments, control designs, and remediation plans — offering an independent view on adequacy and effectiveness
- Leading the second line programme for operational resilience, including oversight of business continuity planning, scenario testing, and recovery capability assessments conducted by the first line
- Owning the second line oversight of the third-party risk management lifecycle — reviewing due diligence outputs, monitoring concentration risk, and assessing the adequacy of vendor controls and exit arrangements
- Engaging with MAS and HKMA regulatory requirements governing technology risk and outsourcing, and translating these into policy and oversight requirements
- Providing independent risk opinions to senior leadership and governance committees on technology initiatives, significant change programmes, and system implementations
- Preparing risk reporting and management information for board and senior risk committees
- Acting as a key point of contact for regulatory examinations and liaising with internal audit on technology risk-related reviews
What We're Looking For
- 6–10 years of experience in technology risk, IT audit, or a related discipline within a financial institution or regulated environment
- Solid understanding of MAS and HKMA regulatory frameworks governing technology risk and outsourcing, with hands-on experience applying these in a second line or oversight capacity
- Demonstrated experience across at least two of the three domains: technology risk management, operational resilience, and third-party / vendor risk
- Ability to independently assess and challenge technology risk scenarios — a strong risk oversight lens is essential
- Strong written communication skills, with experience preparing governance papers and committee-level reporting
- Comfortable engaging across multiple stakeholder groups, including first line technology teams, compliance, senior management, and regulators
