Risk Management Group works closely with our business partners to manage the bank’s risk exposure by balancing its objective to maximise returns against an acceptable risk profile. We partner with origination teams to provide financing, investments and hedging opportunities to our customers. To manage risk effectively and run a successful business, we invest significantly in our people and infrastructure.
Technology is key to enabling the DBS vision of being the leading bank in Asia. We are constantly challenged by ever changing technology landscape, increasing customer sophistication / demands and introduction of new / updated regulatory requirements. We need passionate Technology Risk Managers who play a high impact role as second line function in enhancing the bank’s technology risk and cybersecurity posture. This includes identifying potential technology and cybersecurity risks associated with existing, evolving and new technology systems and business processes, assessing potential impacts and engaging with other technology leaders on the risk treatment options based on enterprise risk appetite. Risks and mitigation plans are reported to senior leadership for review and attention.
Knowledge and experience in assessing and managing risks from third party technology vendors is essential for this position. The incumbent is a driven, self-starter, who plays an active role working in a dynamic environment with the Technology risk teams and is expected to have analytical skills to assess information and identify potential risks, be inquisitive on risks and controls issues. The role requires working closely with relevant stakeholders to review and monitor risk metrics, events and control deficiencies relating to the third party technology vendor management. There will be frequent opportunities to represent Technology Risk’s view in risk forums and different levels of risk committees. The demands and high-visibility nature of this position require an expert with a proven ability to work independently in a fast-paced environment and who can begin contributing immediately.
- Partner with stakeholders across Group Technology to assess and manage risks from third party technology vendors
- Review adequacy of controls on third party technology vendor management in alignment with the associated risks
- Provide independent challenge on risk management of third party technology vendors
- Analyse and identify emerging trends, hotspots, systemic issues and potential risks relating to third party technology vendors, including tracking and management reporting.
- Partner with first line peers to succinctly frame and report on risks relating to technology third party vendors.
- Perform thematic second line assurance reviews, including short and targeted focused reviews for areas of topical and key concern.
- Proactive in forging effective engagement with key stakeholders on third party technology vendor management and governance matters.
- Ability to work independently, prepare and write comprehensive reports for senior management on risk posture and events relating to third party technology vendors for presentation to risk committees
- Degree holder in Information Technology, Computer Science or related discipline.
- Minimum 12-15 years of working experience in relevant field.
Professional memberships and certifications would be considered favourably (e.g., CTPRP CISA, CISSP, CISM, CCSP, etc.):
- Professional security or risk management certifications.
- Certified Third Party Risk Professional (CTPRP)
- Certified Information Systems Auditor (CISA)
- Certified Cloud Security Professional (CCSP)
- Certifications related to SRE such as SRE Practitioner.
- Excellent in leadership skills.
- Moderate to master proficiency in developing & coaching, communication, business focus, planning & organising, teamwork & collaboration, and problem solving.
- Change/innovation oriented, takes ownership of results, and is customer focused.
- Strong expertise and knowledge on technology vendor management and third party risk management.
(1) Technical Experience
- IT professional with experience and exposure in managing technology vendor risks
- Proficiency in risk assessment tools, data analysis, and reporting software.
- Prior experience in third party risk management or vendor risk management
- Sound knowledge in regulatory requirements (e.g. MAS Notice 644, 655, and TRM guidelines) and industry standards/ frameworks such as ITIL, SANS, COBIT, NIST, ISO 27001/2, Cyber Security Act, Banking Act, Personal Data Protection Act.
(2) Non-Technical Experience
- Superb interpersonal and communication skills that include active listening, writing and executive presentation skills.
- Excellent influencing and persuasion skills.
- Proven critical analytical, including and the ability to express a point of view supported by data (with both technical and non-technical audiences).
- Comfort raising concerns early and knows when to escalate, including the ability to raise issues and facilitate constructive problem-solving at all levels of the organization.
- Experience in a second line or oversight role at a financial institution or regulatory agency.
- Good planning and other project management skills, including strong organisation skills.
- Must be solutions oriented; ability to work with all levels of management and staff.
- Self-driven, passionate about hands-on learning on emerging technologies and its risks.
- Self-starter, performance-oriented individuals.
- Passionate about driving change through innovation.
- General understanding of overall banking business.
(3) Work Relationship
- Support the Head of Unit in discharging the responsibilities of the team.
- Strong ability in knowledge sharing with peers.
- Contribute as a member of Team and collaborate with fellow team members and technology managers.
- Develop relationships with peer in the technology organisation
We offer a competitive salary and benefits package and the professional advantages of a dynamic environment that supports your development and recognises your achievements.