AVP, Technology Risk Manager

1. Open to change as the team continually adopts to strategy to meet evolving regulatory and controls landscape.


2. Good understanding of regulatory requirements, such as MAS Technology Risk Management, Outsourcing and Notices FSM-N05, FSM-N06, etc.


3. Experience with performing IT risk and control assessments (including RCSA) and managing audits (internal and external) as well as regulatory inspections.


4. Experience in developing and implementing dashboards/ data visualization, heatmap presentation of metrices.


5. Good understanding and experience (preferred) of DevOps, SRE, Agile methodologies and experience with CI/CD approach and tools. 


6. Hands-on experience in the following infrastructure technology, would be desirable:
   
   
   
   • Servers Platform
   
   
   • Middleware technologies
   
   
   • Microservices
   
   
   • Virtualization
   
   
   • Network
   
   
   • Security
   
   
   • Database 
   
   
   
   

Academic\:

• University degree in technology with at least 6 years of experience in audit/IT security/ risk management. Practitioner and holder of IT risk certification, such as CISSP, CISA, or CRISC would be advantageous. 

Core Competencies 

• Successful candidates should have a strong background in technology risk management, as well as hands-on experience in technology domains or audit/compliance.


• Prior experience in statistical modelling, data analysis, data visualization tools would be an added advantage.


• They are driven, self-motivated individuals that demonstrates initiative and results oriented. Forward-thinking and interested in keeping up to date with developments and best practices in risk management, analytics and automation, the candidate should be hands-on, have good analytical skills, attention to details and have excellent communication and collaboration skills, as well as strong ability to adopt and work effectively in a dynamic, fast-paced environment. 

Description of Risk & Prevention

Group Operations and Technology (O&T) provides IT and backroom support across the bank's business lines such as Group Consumer Financial Services, Group Corporate Banking, Global Treasury, Group Risk Management, Group Finance, and Group Human Resources. 

In addition, Group O&T runs the bank’s regional processing centres and technology operations, drive for productivity gains and lower unit costs by instilling a quality culture, and leverage on the synergy from cross border processing hubs in Singapore, Malaysia and across the region. 

The objective of Group O&T Risk & Prevention (R&P) is to establish a risk awareness and compliance culture that helps Group O&T to manage risks. In supporting O&T departments, Group Risk and Regulatory Compliance Unit as the Division Compliance Officer, Business Continuity Management Coordinator and Ops Risk Management Coordinator, R&P undertakes the following responsibilities\:

• Coordinate and facilitate the implementation of Operational Risk & Compliance policies, methodologies, and initiatives for proactive risk management by Group O&T.


• Monitor and uplift the Division's risk and compliance management performance through tracking of audit issues, compliance breaches and loss events.


• Provide independent review of risk assessments performed by O&T for new/changed processes to ensure integration of risk management to internal processes.


• Manage the audit engagement process, track, and ensure timely closure of issues.


• Promote awareness of risk among O&T staff and educate them on methodologies and processes for risk management and compliance.  

Role Description\: 

The candidate is responsible to ensure that technology-related risks are identified, assessed, and mitigated appropriately. This involves collaborating closely with the technology teams and regional R&P across the OCBC Group to solve technology risk challenges and strengthen Group O&T’s risk culture.  

Duties and Responsibilities\: 

1. Support the Head, R&P – Technology Risk in the overall effective and proactive management of technology risk and controls in Group O&T.

2. Work closely with stakeholders to\: 

a.     Perform risk and control assessment of processes, applications and infrastructure (operating systems, middleware, databases, network) with these objectives\: 

                                           i. Identify, assess, treat, mitigate and articulate the risk in both technical and business context to the stakeholders. 

                                           ii. Assess compliance of processes to the bank’s standards and policies, as well as statutory and regulatory requirements. 

b.      Challenge, drive and discuss controls or risk mitigation solutions, whilst building strong, respectful relationships. 

c.    Support stakeholders in audits (internal/external) and regulatory related reviews and inspections, as well as tracking, reporting and root causes are addressed. 

3. Drive development and implementation of automated risk assessment frameworks that identify and quantify potential risks. 

4. Collaborate with O&T teams across entities locally and in the region to assess risk profiles, identify potential areas of lapses, or non-compliance and develop risk mitigation strategies for sustained controls. 

5. Design and implement automated risk monitoring and reporting that provides alerts and dashboards to help management and stakeholders make informed decisions. 

6. Develop and deliver training programs to educate stakeholders on emerging trends in risk automations. 
7. Provide advice, review and challenge to risk issues and process changes identified by stakeholders to ensure technology-related operational risk identified is assessed adequately, and appropriate controls are in place to mitigate the risks.