Group Technology, Information & Cyber Risk (G-TICR) is a Head Office function, and one its key objectives is to establish and maintain governance and oversight on the effectiveness of technology, information and cyber risk management for OCBC Group.He/ she will have, but not limited to, the following responsibilities:
- Support risk governance related activities to facilitate or strengthen oversight of the effectiveness of technology, information or cyber risk management for the OCBC Group.
- Perform regular risk monitoring and management reporting on risk posture across the Group.
- Drive or support the formulation and regular update of related Framework and supporting Policies to incorporate applicable industry leading practices and regulatory expectations.
- Drive or support the review and enhancement of controls for existing banking services against emerging technology, information and cyber risks
- Provide risk advisory service, including recommendation of risk mitigation options, on technology, information and cyber risks associated with new banking services, fintech initiatives, outsourcing-related arrangements, regulatory and legal guidelines
- Drive or support bank-wide initiatives to facilitate management of applicable legal & regulatory requirements (e.g., Cybersecurity Act, MAS Technology Risk Management Guidelines).
- Drive the bank-wide technology, information and cyber risk awareness and training program
- Keep abreast of new technologies and related risks, industry trends, and regulatory requirements relating to technology, information & cyber security
Qualifications Experience required:
- More than 10 years of relevant experience in technology, information or cyber risk management, information security or IT audit within the financial services industry.
- Proficient in risk management, IT governance, information & cyber security standards.
- Experienced in leading risk assessments and risk reduction initiatives.
- Good knowledge and experience in managing legal and regulatory requirements pertaining to technology, information or cyber risk domains (e.g., Singapore, Malaysia, Hong Kong, China).
- Good written and communication skills, as well as solution oriented.
- Ability to interact, engage and influence with stakeholders across all levels.
- Ability to contribute through others, collaborate well across seniority, cultures and locations.
- Proactive and able to work well under pressure or tight deadlines.
Education and Professional Certifications:
- Degree in Computer Science or equivalent technical degree.
- Relevant professional certifications (e.g., CISA, CISM or CRISC) would be advantageous.