Key Responsibilities
• Assist in developing and implementing the Technology Risk Management framework and policies.
• Develop end-to-end Technology Risk Management strategy. Review and develop technology-related policies to comply with regulatory requirements.
• Perform gap assessment against changes in technology risk and cybersecurity regulatory requirements.
• Suggest recommendations for continuous improvement to the technology risk and cybersecurity framework.
• Develop and monitor Technology Key Risk Indicators and Reporting.
• Maintain and monitor the Technology Risk Register and follow up on treatment plans as necessary.
• Provide continuous risk monitoring to identify and address security gaps.
• Provide advisories on security and risk matters.
• Review independent assessment and audit reports, monitor and track issues for remediation.
Skills And Experience Required
• Bachelor’s degree in computer science or equivalent
• Minimum 7 years’ experience within Information Security Risk / Technology Risk Management in a Fintech or Financial Institution.
• Strong knowledge of regulatory requirements and industry trends/practices (e.g. NIST framework, MAS TRM Guidelines, MAS Cyber Hygiene, SOC2, ISO27001 standard).
• Experience managing 1st and 2nd line risk management, with knowledge of key cybersecurity domains such as Application Security, IT Governance, IT Compliance & Audit, Identity & Access Management, Cloud Security, Asset Security, Threat/Vulnerability Management, Business Continuity Management.
• Familiar with MAS Technology Risk Management Guidelines and strong understanding of the issues and legal/technical requirements of those regulatory guidelines.
• Familiar with MAS Outsourcing Guidelines.
• Familiar with MAS Technology and Security regulatory requirements and policies and IT / cyber security best practices, cyber threat landscape, cyber security technologies, including cloud security principles, practices and solutions.
• Experience in security assessment, improvement and solution finding.
• Understanding of cloud platforms (e.g. AWS, Azure) and associated security controls
• Ability to develop security policies, standards and guidelines based on best practices and industry standards.
• Resilient personality, strong analytical mind and problem-solving skills, with the ability to foster alignment of the IT Risk Management requirements and business strategies to identify and mitigate potential cyber security risks.
• Certifications such as CISSP, CRISC, CISA, CISM or any other relevant certification are an advantage.