VP (Information Security)

SVP/VP - Information Security/ Cybersecurity, Technology Risk Manager, Tech COO, Group Technology

Job Summary

• Technology is key to enabling the DBS vision of being the leading bank in Asia. To meet the challenges arising from the ever-evolving technological advancements and increasing sophistication and demands of customers, there is a need for deft Technology Risk Managers to ensure robust risk governance.
• As a member of the Technology Risk Management team, you will oversee a global portfolio of technology risk management activities (includes participating in any technology risk management related initiatives), with a focus on:
  • Targeted Risk Reviews
  • Policy/Standard/Guide enforcement validation
  • Thematic risk analysis for IT risks
• This role ensures that DBS Bank's technology risk framework aligns with global regulatory requirements (MAS, HKMA, RBI, GDPR, etc.)and industry best practices (NIST, ISO 27001, COBIT), and internal policies while identifying vulnerabilities and recommending mitigation strategies.
• The position requires a strategic leader who can identify systemic risks, drive audit remediation, and enhance governance across all regions where DBS operates.

• Accountable for managing internal and external reviews/audits from audit planning (such as request for information (RFI), opening meeting, etc.), fieldwork (such as RFI, issue discussion, etc.), to reporting and closing meeting.
• Responsible for monitoring and validating the closure of management actions, arising from internal and external reviews/audits, including regulator inspection reviews.
• Perform review of new / revised processes, provide risk opinion and ensure proper approvals and documentations.
• Collaborate with the different technology teams to conduct post implementation review of new / revised processes to provide assurance.
• Prepare and develop technology risk insights (such as IT audit thematic and trend analysis) to be presented at forums (such as technology risk forums, etc.).
• Engage and collaborate with technology stakeholders to proactively identify risks at a detailed and technical level and ensure that IT is effectively driving remediation activities and to continuously improve IT risk posture.
• Stay ahead of cyber threats, regulatory changes, and digital banking risks.
• Drive automation (e.g., data analytics, AI/ML) for continuous auditing.
• Provide risk assessment and advisory as required:
  • Evaluate the effectiveness of IT risk governance, security policies, and control frameworks.
  • Assess cyber resilience, red-team exercises, and penetration testing outcomes.
  • Provide actionable recommendations to senior management for risk mitigation.
• Manage technology risk initiatives and perform targeted reviews focusing on, but not limited to, the following domain areas:
  • Cybersecurity controls (e.g., network security, endpoint protection, cloud security, IAM, encryption)
  • Regulatory compliance (MAS, GDPR, RBI, HKMA, etc.)
  • Third-party/vendor risk management
  • Incident response & threat intelligence capabilities
  • Emerging risks (AI, fintech, API security)

• At least 12 years (SVP) / 8 years (VP)in technology risk management, IT audit, or cybersecurity governance, preferably in global banking/financial services.
• Deep expertise in:
  • Regulatory frameworks (MAS TRM, Basel III, GDPR, SOX-ITGC)
  • Cloud security (AWS, Azure, GCP) and DevSecOps controls
  • Third-party & supply chain risk management
  • Data analytics for risk monitoring (Excel, Power BI, Tableau, SIEM tools)
• Proven track record in leading global risk programs and managing cross-regional stakeholders.
• Demonstrated experience in Identifying, assessing and advising on technology risks.
• Excellent organizational, problem solving, interpersonal and operating skills to effectively drive the IT Risk agenda with IT functions.
• Strong communication skills at all levels -- able to effectively communicate with IT and senior management, as well as line staff to drive IT risk mitigation initiatives and other IT risk management related areas.
• Ability to leverage on data analytics to present trends, explain complex issues in a presentable and logical manner
• Experience in driving IT risk management in digital age, leveraging Gen AI and Machine Learning tools, a plus.
• Knowledge of Information Security, System Resiliency & Availability & Software development practices and frameworks and regulatory requirements preferred.
• Good technical competencies and exposure to IT application or infrastructure development, support and management.
• Demonstrated experience of leveraging data and analytics to get stakeholder buy-in is a plus.

• Strong executive communication(for Technology EXCO-level reporting).
• Ability to translate technical risks into business impact.
• Leadership in driving cultural change toward risk awareness.

• Bachelor's/Master's in Cybersecurity, IT Risk, Computer Science, or related field.
• Certifications (Required):CISA, CISSP, CRISC, CISM, or equivalent.
• Preferred:ISO 27001 Lead Auditor, AWS/Azure Security, CCSP.

We would like to remind you that eFinancialCareers is a job board and does not conduct hiring or ask for payment or any financial details as part of the job application process.

If you receive any suspicious messages claiming to be from us or a hiring company, we urge you not to click on any links and not to reply to the message itself.

Instead, please report the message to our support team at support@efinancialcareers.com .

It is advisable to always verify job offers directly with the hiring company.