IT Risk Officer

IT Risk Management is a regional function in Asia responsible for technology risk governance and management. This function works in close collaboration across IT to foster a strong risk culture and awareness. Primary responsibilities include risk management activities aimed at continuously strengthening IT operational and security posture, and providing risk transparency to management.

1. Manage IT regulatory remediation projects and validate IT remediation actions.
2. Support the rollout of IT risk management strategy, framework, and standards in Asia.
3. Support day-to-day IT Risk management activities in Asia, including:
   1. Maintenance of the central risk register.
   2. Tracking of risk mitigation plans.
   3. Follow-up on risk remediation and mitigation plans.
4. Assist in preparing risk reports for the IT Risk Management Forum and Operational Risk Committees in Singapore and Hong Kong.
5. Perform regulatory (MAS and HKMA) and security assessments, review technical control effectiveness, identify gaps, and follow up on actions.
6. Perform and execute internal control plans.
7. Review application security concepts during project implementations.
8. Work with internal and external audit teams to facilitate fieldwork and track IT audit items.
9. Handle routine security tasks such as password management and request reviews.
10. Promote a positive risk culture through training, communication, and collaboration.
11. Prepare materials for periodic IT Risk Awareness training sessions.

1. Maintain the central risk register for Asia.
2. Support risk owners in developing mitigation and remediation strategies for risks categorized as High, Medium, and Low.
3. Oversee risk mitigation and remediation plans.
4. Collaborate with IT Project Managers to identify and manage residual project risks.
5. Coordinate with the Information Security team to support cyber risk mitigation.
6. Prepare risk reporting materials for forums and committees.
7. Validate internal controls and report exceptions.
8. Monitor and report on control statuses.
9. Deliver IT risk awareness training.
10. Assist IT teams in responding to audit inquiries and track audit remediation plans to ensure closure.

• Engage with various IT functions regionally and globally, including operational risk, legal, and compliance teams.
• Build strong relationships with key stakeholders such as IT Service Owners, Infrastructure, Application Managers, Architecture, and Project Managers.

• Ensure ethical and compliant behavior aligned with organizational values and legal requirements, including honesty, integrity, due care, fair dealing, conflict management, competence, and continuous development.

• Excellent communication skills (oral, written, presentation, facilitation).
• Ability to work under stress.
• Independent, self-driven, and capable of managing relationships and resolving conflicts effectively.

• 6-7 years of experience in IT, Risk Governance, Control, Security, or Audit, preferably in banking/wealth management.
• Strong technical skills, experience in IT delivery and system design is advantageous.
• Certifications such as CISSP or CISA are preferred.

• Familiarity with Singapore and Hong Kong regulatory environments; experience interacting with regulators is a plus.