VP, Specialist, Technology Risk, Framework and Risk Culture

Business Function Risk Management Group works closely with our business partners to manage the bank's risk exposure by balancing its objective to maximise returns against an acceptable risk profile. We partner with origination teams to provide financing, investments and hedging opportunities to our customers. To manage risk effectively and run a successful business, we invest significantly in our people and infrastructure. Responsibilities Technology is key to enabling the DBS vision of being the leading bank in Asia. We are constantly challenged by ever changing technology landscape, increasing customer sophistication / demands and introduction of new / updated regulatory requirements. We need passionate Technology Risk Managers who play a high impact role as second line function in enhancing the bank's technology risk and cybersecurity posture. This includes identifying potential technology and cybersecurity risks associated with existing, evolving and new technology systems and business processes, assessing potential impacts and engaging with other technology leaders on the risk treatment options based on enterprise risk appetite. Risks and mitigation plans are reported to senior leadership for review and attention. The incumbent will be part of the Technology Risk team, with primary focus on technology-risk related regulatory compliance for Singapore and the region. The role involves supporting technology and security compliance, implementation of these requirements and performing related reviews and reporting. The incumbent is a driven, self-starter, who plays an active role working in a dynamic environment with the Technology risk teams and is expected to have analytical skills to perform assessment against compliance with technology and security requirements. The role requires working closely with and partnering with various internal stakeholders as well as preparing progress reports to relevant Risk Committees.

• Support technology and security compliance to internal policies, processes, and controls, as well as compliance to external regulations.
• Implementation of technology regulatory and compliance requirements, including development of regulatory framework, policies and procedures.
• Perform technology regulatory compliance reviews.
• Ensure technology compliance risks are escalated, managed, reported and tracked.
• Enhance the business' understanding of regulatory/compliance requirements and the implications to individual initiatives and the broader firm.
• Support technology regulatory reviews including coordination, communications, and required actions with internal stakeholders as appropriate.
• Support the function in other technology risk management duties as appropriate.

• Minimally 10-12 years of experience. Sound knowledge in regulatory requirements (e.g. MAS Notice 644, 655, and MAS TRM guidelines) and industry standards/ frameworks such as ITIL, SANS, COBIT, NIST, ISO 27001/2, Cyber Security Act, Banking Act, Personal Data Protection Act, regional technology-related regulations.
• Superb interpersonal and communication skills that include active listening, writing and executive
• Excellent influencing and persuasion skills
• Comfortable to raise concerns early and knows when to escalate, including the ability to raise issues and facilitate constructive problem-solving at all levels of the organization
• Experience in financial institutions / regulatory agencies / Big 4 Audit firms
• Good planning and other project management skills, including strong organisation skills
• Solutions oriented; ability to communicate and work with all levels of management and staff
• Self-starter, performance-oriented individual
• Possess sound understanding on banking-related applications and technologies in terms of products and supporting services, system and business operation procedures, risk management, regulatory compliance, etc.
• Professional memberships and security certifications would be considered favourably (e.g., CISA, CISSP, CISM, CCSP, etc.)
• Professional security or risk management certifications.
• Certified Information Systems Auditor (CISA)
• Certified Risk & Information Systems Control (CRISC).
• Certified Cloud Security Professional (CCSP).
• Certifications related to SRE such as SRE Practitioner