AVP, Technology Risk Specialist - Governance, Assurance and Tech Risk Culture

Job Description

Risk Management Group works closely with our business partners to manage the bank’s risk exposure by balancing its objective to maximise returns against an acceptable risk profile. We partner with origination teams to provide financing, investments and hedging opportunities to our customers. To manage risk effectively and run a successful business, we invest significantly in our people and infrastructure.

Technology is key to enabling the DBS vision of being the leading bank in Asia. We are constantly challenged by ever changing technology landscape, increasing customer sophistication / demands and introduction of new / updated regulatory requirements. We need passionate Technology Risk Managers who play a high impact role as second line function in enhancing the bank’s technology risk and cybersecurity posture. This includes identifying potential technology and cybersecurity risks associated with existing, evolving and new technology systems and business processes, assessing potential impacts and engaging with other technology leaders on the risk treatment options based on enterprise risk appetite. Risks and mitigation plans are reported to senior leadership for review and attention.

The incumbent is expected to be adept at utilizing AI tools for analytical work and identifying emerging technology risk trends and systemic issues. The incumbent also possesses strong governance capabilities, preparing comprehensive reports for risk committees and acting as the audit focal point for the department.

Reporting:

• Ability to adopt AI tools (similar to Chat-GPT) for analytical work. Structured and methodical in articulating approach for analysis.
• Experienced in identifying emerging risk trends, hotspots, systemic issues and potential technology risks and controls issues.
• Analyse trends, anomalies and behaviours and work with technology stakeholders to design and implement technical IT risk measure that are relevant to the Lines of Business.
• Use data driven approach and possess extensive experience in working with data and using reporting tools for creating dashboards.
• Familiarity with technology risk culture, including the measurement of relevant metrics and the utilization of tools like risk dashboards.

Governance:

• Ability to track tasks related to audit actions and risk committees and follow up with stakeholders.
• Experienced in assurance reviews, including short and targeted focused reviews for areas of topical and key concern.
• Ability to work independently, prepare and write comprehensive reports on technology and cybersecurity risk domains for presentation to risk committees.
• Ability to communicate complex technology risk concepts in a clear and concise manner.
• Manage internal / external audits, regulatory reviews and act as audit focal point for the department.

• University degree or equivalent, in finance, accountancy, business and/or technology.
• At least five (5) years of working experience in Banking, with good understanding of operational risk, technology risk and reporting processes.
• Aptitude and experience in risk and control related reporting or governance roles and familiar with reporting tools. Some experience in IT audit or assurance is highly desirable.
• Demonstrated experience in learning and development related to fostering a robust risk culture within a financial institution is highly advantageous.
• Strong communication and facilitation skills; able to organize, coordinate and work with stakeholders.
• An analytical thinker with strong risk acumen, skilled in leveraging programming to analyze data for risk reviews and assessments.
• Positive attitude to change, constantly looking for better ways to get things done and to challenge status quo.
• Self-driven and able to balance creative and pragmatic approaches.
• Professional certifications is mandatory with a minimum of 2 certificates below:
• Certified Information Systems Auditor (CISA)
• Certified Cloud Security Professional (CCSP).
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• CSX Cybersecurity Practitioner (CSXP)

• Support the Head of Unit in discharging the responsibilities of the team.
• Work effectively as a team member.
• Develop relationships with colleagues in the technology organisation.