The Role
As a member of the Technology Risk Team, you will be collaborating with various stakeholders within SMBC Technology teams, regional branches, Risk Department or Legal/Compliance to manage technology related risks as well as participating in IT Governance, Risk and Compliance (GRC) activities within the region.
Job Responsibilities
Oversee IT GRC activities within APAC branches such as collating risk reports, supporting branches audits, reviewing Risk acceptance requests.
Manage or support regulatory compliance effort within the region, e.g., MAS Cyber Hygiene or RMiT gap analysis, follow up on questionnaires and Circulars etc.
Function as a consultant/advisor on risk & control or regulatory matters to technology units, as well as working with them to resolve technology risk issues.
Coordinate and facilitate the control self-assessment activities, including conducting independent control testing where necessary or reviewing appropriateness of control descriptions.
Offer effective 1LOD challenge to technology units on risk remediation priorities and provide risk opinion, advisories & recommendations to IT management and 2LOD.
Support 2LOD in risk governance activities, e.g., establish KRIs and Technology Management Framework as well as monitoring/reporting of KRIs.
Maintain and upkeep IT policies and processes owned by the team.
Job Requirements
Master's or bachelor's degree in a technical discipline preferably in Computer Science/Engineering or equivalent.
Min. 5 years of working experience with min. 3 years in risk & control or audit function in the financial industry.
Ability to identify risks and assess adequacy of controls as well as recommending suitable control enhancements.
Good appreciation of cyber risk management strategies/controls in the industry
Excellent communication, presentation, and interpersonal skills and able to manage stakeholders across multiple disciplines.
Prior experience in delivering security awareness training within the organization.
Strong critical thinker with the vision to work both tactically and strategically.
Candidates with CISSP or CISM certification is preferred.
Experienced candidate would be considered for a senior role.
Work location: One@ChangiCity
