Job Description:
Job Purpose: As a member of Technology Risk Management in DBS, you will be responsible for overseeing the country’s technology risk management function. This pivotal role involves identifying, assessing, and managing technology-related risks to ensure the bank's information technology infrastructure and systems are secure, reliable, and compliant with regulatory standards. This position reports directly to the Senior Risk Executive to ensure that Line 2 (2nd line of defence) can provide a supplementary viewpoint in the risk assessment when issues arise. Working alongside risk management professionals, you will play a crucial role in safeguarding the bank's reputation, assets, and customer data against potential technological threats and vulnerabilities.
Key Responsibilities:

Risk Assessment and Management:
• Identify, evaluate, and prioritize potential technology-related risks across the bank's IT environment in accordance with the Group’s technology risk management framework.
• Conduct regular risk assessments to evaluate the effectiveness of existing controls and identify areas for improvement.
• Collaborate with other departments, such as IT, cybersecurity, compliance, and business units, to ensure a coordinated approach to technology risk management.

Technology Policy and Standards:
• Implement governance around key processes, and adequacy of frameworks and policies for technology risk management and ensure these are aligned with industry best practices and regulatory requirements.
• Ensure compliance with relevant laws, regulations, and internal policies relating to technology risk management.

Incident Response and Crisis Management:
• Develop and execute incident response plans to handle technology-related incidents, including cyberattacks, data breaches, system failures, and other IT-related disruptions.
• Lead the response and recovery efforts during crisis situations to minimize the impact on the bank's operations and customers.

Risk Mitigation and Control Implementation:
• Propose and implement risk mitigation strategies to reduce the bank's exposure to potential technology risks.
• Monitor the implementation and effectiveness of controls and measures to safeguard the bank's technology assets and data.

Reporting and Communication:
• Prepare regular risk reports for senior management and the board of directors, highlighting key technology risk issues, trends, and remediation actions.
• Communicate risk-related matters to various stakeholders, including executive management, business units, auditors, and regulatory bodies.

Emerging Technology Risk Analysis:
• Stay up-to-date with the latest technological advancements and industry trends to identify and assess potential risks associated with new technologies.
• Advise on the adoption of emerging technologies with a focus on managing associated risks effectively.

Alert Monitoring and Stress Testing:
• Work with Line 1 (first line of defence) to determine the threshold standard to monitor alerts. Challenge the LOBTs on the monitoring and define scenarios for stress-testing. Monitor and ensure all flagged issues are tracked to closure.
• Participate in stress testing for various disaster recovery scenarios on an ad hoc or periodic basis, taking a more thoughtful view at a higher level of what should be tested, including (i) observability (figure out what is happening, e.g. is the system available/working ok), (ii) scenarios for disaster recovery, and (iii) potential thought experiments (what happens in certain scenarios and whether these scenarios have been tested).

Team Leadership and Development:
• Recruit, train, and lead a team of technology risk professionals, ensuring they have the necessary skills and knowledge to perform their roles effectively.
• Foster a culture of risk awareness and compliance within the team and across the bank.
Qualifications and Skills:
• Bachelor's or Master's degree in Information Technology, Computer Science, Risk Management, or a related field.
• Significant experience in technology risk management, information security, IT auditing, or a related discipline, preferably within the financial services industry.
• Proven leadership and management experience, with the ability to guide and motivate a team effectively.
• Strong understanding of IT infrastructure, applications, cybersecurity principles, and technology-related regulations and standards. Domain expertise in one or more of these areas preferred.
• Familiarity with industry frameworks and methodologies for technology risk management, such as NIST Cybersecurity Framework, ISO 27001, and COBIT.
• Excellent analytical and problem-solving skills, with a keen eye for detail.
• Exceptional communication and presentation abilities, with the capability to convey complex technical concepts to non-technical stakeholders.
• Professional certifications such as CISA (Certified