Head of Technology Risk Management, Risk Management Group

Business Function:

Risk Management Group (RMG) is responsible for the development and maintenance of risk management and internal control frameworks. We provide independent review and challenge to business to ensure that appropriate balance is considered in risk/return decisions. In addition, RMG is responsible for the monitoring and reporting on key risk issues of the Bank. To manage risk effectively and deliver strong financial performance, we invest significantly in our people and infrastructure.

Job Purpose:

As the Country Head of Technology Risk Management in DBS, you will be responsible for overseeing the country’s technology risk management function. This pivotal role involves identifying, assessing, and managing technology-related risks (including Gen AI and Data Governance) to ensure the bank's information technology infrastructure and systems are secure, reliable, and compliant with regulatory standards.This position reports directly to Senior Risk Executive to ensure that the 2^nd line of defence can provide a supplementary viewpoint in the risk assessment when issues arise. By leading a team of risk management professionals, you will play a crucial role in safeguarding the bank's reputation, assets, and customer data against potential technological threats and vulnerabilities.

Responsibilities:

Risk Assessment and Management

· Identify, evaluate, and prioritize potential technology-related risks across the bank's IT environment in accordance to the Group’s technology risk management framework

· Conduct regular risk assessments to evaluate the effectiveness of existing controls and identify areas for improvement

· Collaborate with other departments, such as IT, cybersecurity, compliance, and business units, to ensure a coordinated approach to technology risk management

Technology Policy and Standards

· Implement  governance around key processes, and adequacy of frameworks and policies for technology risk management and ensure these are aligned with industry best practices and regulatory requirements

· Ensure compliance with relevant laws, regulations, and internal policies relating to technology risk management

Incident Response and Crisis Management

· Develop and execute incident response plans to handle technology-related incidents, including cyberattacks, data breaches, system failures, and other IT-related disruptions.

· Lead the response and recovery efforts during crisis situations to minimize the impact on the bank's operations and customers

Risk Mitigation and Control Implementation

· Propose and implement risk mitigation strategies to reduce the bank's exposure to potential technology risks

· Monitor the implementation and effectiveness of controls and measures to safeguard the bank's technology assets and data

Reporting and Communication

· Prepare regular risk reports for senior management and the board of directors, highlighting key technology risk issues, trends, and remediation actions

· Communicate risk-related matters to various stakeholders, including executive management, business units, auditors, and regulatory bodies

Emerging Technology Risk Analysis

· Stay up-to-date with the latest technological advancements and industry trends to identify and assess potential risks associated with new technologies

· Advise on the adoption of emerging technologies with a focus on managing associated risks effectively

Alert Monitoring and Stress Testing

· Work with Line 1 (first line of defence) to determine the threshold standardto monitor alerts.Challenge the LOBTs on the monitoring and define scenarios for stress-testing.Monitor and ensure all flagged issues are tracked to closure

· Participate in stress testing for various disaster recovery scenarios on an adhoc or periodic basis, taking a more thoughtful view at a higher level of what should be tested, including (i) observability (figure out what is happening e.g. is system available/working ok) (ii) scenarios for disaster recovery, and (iii) potential thought experiments (what happens in certain scenarios and whether these scenarios have been tested)

Team Leadership and Development

· Recruit, train, and lead a team of technology risk professionals, ensuring they have the necessary skills and knowledge to perform their roles effectively

· Foster a culture of risk awareness and compliance within the team and across the bank

Requirements:

· Bachelor's or Master's degree in Information Technology, Computer Science, Risk Management, or a related field

· Significant experience in technology risk management, information security, IT auditing, or a related discipline, preferably within the financial services industry

· Proven leadership and management experience, with the ability to guide and motivate a team effectively

· Strong understanding of IT infrastructure, applications, cybersecurity principles, and technology-related regulations and standards.Domain expertise in one or more of these areas preferred

· Familiarity with industry frameworks and methodologies for technology risk management, such as NIST Cybersecurity Framework, ISO 27001, and COBIT

· Excellent analytical and problem-solving skills, with a keen eye for detail

· Exceptional communication and presentation abilities, with the capability to convey complex technical concepts to non-technical stakeholders

· Professional certifications such as CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), or CRISC (Certified in Risk and Information Systems Control) are advantageous

· As the Head of Technology Risk, you will play a critical role in maintaining the bank's technology resilience, ensuring that it can leverage technology while effectively managing potential risks that may arise from the digital landscape

立即申請

We offer a competitive salary and benefits package and the professional advantages of a dynamic environment that supports your development and recognises your achievements. 

We regret only shortlisted candidates will be notified.