AVP/VP, Risk Technology Manager, SRE - Technology Risk Management & Governance, Group Technology

Technology is key to enabling the DBS vision of being the leading bank in Asia.

To meet the challenges arising from the ever-evolving technological advancements and increasing sophistication and demands of customers, there is a need for deft Technology Risk Managers to ensure robust risk governance.

As a member of the Technology Risk Management team, you will be responsible for driving IT risk management initiatives including risk governance, regulatory inspections, internal & external audits and thematic reviews across the functions and regions.

• Drive and manage the agenda for the Technology Risk Forum, including reviewing stakeholders’ material that will be presented.
• Experience and comfortable to perform technology risk assessment on ad hoc initiatives (new product approval that involve technology changes, Proof of Concept projects, Outsourcing Risk review on technology vendor) and able to articulate the technology risk exposure and its impact to the business that enables the Bank to make informed decision when embarking in such initiatives.
• Engage with technology stakeholders to proactively identify risks at a detailed and technical level and ensure that IT is effectively driving remediation activities and to continuously improve IT risk posture.
• Work with technology stakeholders to design and implement technical IT risk mitigating measures.
• Manage Technology risk initiatives and target reviews across DBS Group
• Assess regulatory (e.g., MAS, HKMA, CBRC, OJK, RBI, etc) changes impacting technology and drive related risk mitigation program with technology stakeholders.
• Proactive in forging effective engagement with key stakeholders on risk management, control and governance matters
• Support TRMG Lead in managing the Risk Control Self-Assessment (annual and agile) activities and ensures that it is executed in line with the RCSA standard with accurate and complete coverage on risk relevant for the respective LOBT’s.
• Ensure the required assessment result of the RCSA has respective follow up action defined. Control gaps are registered in the centralised GRC system and where required, Control testing is designed and implemented to evaluate the sufficiency of the control design and operating effectiveness.
• Monitor periodically the established technology KRI against the threshold, identify breaches and patterns based on the KRI data. Working closely with LOBT risk managers for follow up action on the KRI breaches to evaluate possible systemic issues, measures to implement (path to green).
• Proactive in assessing the KRIs whether it remains fit for purpose and provide recommendation for improvement/recalibration which include influencing and engaging stakeholders as part of KRI lifecycle management.

• At least 15 years of experience with minimum 10 years of working experience in the Financial / Banking IT industry Demonstrated experience in identifying, assessing, and advising on technology risks.
• Experience in IT audit or CISA/CISM/CRISC certified preferred or operational risk management and control self-assessment.
• Strong communication skills at all levels -- able to effectively communicate with IT and senior management, as well as line staff to drive IT risk mitigation initiatives and other IT risk management related areas.
• Knowledge of Information Security, System Resiliency & Availability & Software development practices and frameworks and regulatory requirements preferred.
• Good technical competencies and exposure to IT application or infrastructure development, support, and management.
• Demonstrated experience of leveraging data and analytics to get stakeholder buy-in is a plus.
• Professional Certification required – CISA/CISM/CISSP/CRISC/CBCP.
• Knowledge of the Banking Act – MAS Technology Risk Management Guidelines,MAS Notice 644, MAS 655, Information Security Policy, Cyber Security Act, MAS Outsourcing Guidelines etc.
• Demonstrated experience of leveraging data and analytics to get stakeholder buy-in
• Systemic thinking with strong analytical and planning skills