ROLE PURPOSE:
- Provide technical expertise in risk quantification analysis to promote the development of sound technology risk management in the financial industry for financial stability and public confidence.
PRINCIPAL ACCOUNTABILITIES:
- Develop risk quantification infrastructure via adaptation of proven models, methodologies or practices, for effective prioritisation of high-impact IT and cyber risk measures.
- Perform thematic reviews or relevant studies on the adequacy of risk quantification models and methodologies adopted by the financial industry to promote best practices to the industry.
- Promote the use of big data and artificial intelligence in technology supervision.
- Lead horizontal surveillance to identify and escalate emerging risks across the financial industry.
- Provide tactical and strategic recommendations to prevent build-up and propagation of excessive risk in the financial system.
- Lead assessment on complex technical areas to support supervisory assessment and policy development.
- Apply continuous improvement that is fit-for-purpose in line with regulatory requirements and global best practices.
- Prepare written reports, presentation material and public communique where required. Ensure quality output of work produced by risk analyst. Communicate results to the stakeholders and execute action plan.
- Work closely with relevant stakeholders in the Bank and industry to sustain effective two-way communication.
- Internal: engage with Relationship Managers (RMs) of supervision departments to ensure overall supervisory response is appropriate and coordinated, and the reporting overhead incurred is minimised.
- Network with industry players (e.g. CIO/CISO/CRO of banks), major technology providers, relevant government agencies to gather market sentiments, trends and current emerging issues.
- Capability building to strengthen IT risk management:
  - Pay-it-forward: provide leadership and oversight to feeder pool (L1).
  - Show-the-way: participate in designing and conducting supervision courses and knowledge sharing sessions.
  - Make-it-simple: conduct process improvement initiatives to make work effective.
CRITICAL SUCCESS FACTORS:
- Strong individual contributor with ability to coach team members;
- Effective collaboration and networking with internal and external stakeholders;
- Effective use of technology and suptech tools;
- Rigor in research and output preparation;
- Sound judgement to apply fit-for-purpose risk management best practices;
- Ability to see the big picture and dynamics at play for commercial entities;
- Ability to assess complex issues, identify pragmatic solutions and communicate/escalate concerns clearly and effectively;
- Comfortable pushing the boundary whilst applying appropriate boundary management for sustained performance.
REQUIREMENTS:
- Academic: Min. Bachelor's Degree in computer science/data science or any other relevant degree.
- Experience: Min. 5 years in IT quantitative risk analysis, data analytics, IT risk audit and management.
- Professional certification related to risk quantification analysis, information systems security, auditing, control, assurance and risk management, e.g. ISACA CISA/CISSP/CRISC/CGEIT/CDPSE, ISO27001, CEH, CQRM, OpenGroup FAIR, ITIL, TOGAF, CCSM/CCSK or other related certifications.