Head of Tech Risk and Governance - Group Chief Information Officer

Some careers have more impact than others.

If you’re looking for a career where you can make a real impression, join HSBC and discover how valued you’ll be. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.

Our GCIO organisation plays a critical role for the bank. This team partners with the businesses to build the platforms, systems, and products that our customers use every day. We keep people’s money and data safe, and are at the forefront of driving innovation for our businesses, customers, and colleagues.

We are currently seeking a high calibre professional to join our team as a Head of Tech Risk and Governance.

Principal Responsibilities

In this role you will

• Conduct technology risk assessments (e.g., application, infrastructure, third-party, cloud) to identify potential vulnerabilities, threats, and control gaps and evaluate the effectiveness of technology controls and recommend enhancements to mitigate identified risks
• Maintain and update the bank's technology risk register, tracking key risks, control effectiveness, and mitigation actions and monitor technology risk metrics and Key Risk Indicators (KRIs) to provide early warnings of potential issues and participate in technology project lifecycle reviews (SDLC) to ensure security and risk-by-design principles are incorporated from inception
• Collaborate with internal Technology and business units to develop and implement risk treatment plans and represent the bank in external bodies on discussion relating to technology risks and resilience challenges
• Interpret, implement, and monitor compliance with various Singapore regulations and industry standards, including but not limited to requirements for cybersecurity, data governance, business continuity, outsourcing and incident management and participate in regulatory inspections and audits, providing necessary documentation and explanations
• Assist in the development, review, and update of technology risk management policies, standards, guidelines, and procedures and ensure policies are aligned with regulatory requirements, industry best practices, and the bank's risk appetite
• Conduct technology risk assessments for third-party vendors and service providers, especially those handling sensitive data or critical services and ensure third-party contracts include appropriate security and compliance clauses
• Provide expert advice and guidance to technology and business teams on technology risk, control, and compliance matters and develop and deliver training and awareness programs on technology risk and security best practices to employees and customers
• Prepare regular risk reports, dashboards, and presentations for management, risk committees, and the Board (as required) and communicate technology risk posture, compliance status, and emerging threats effectively