IT & Ops Risk Lead

Posted 15 September 2022
Job type Permanent
Discipline Chief Operating Officer & Governance

Job Description

Key Responsibilities

  • Develop, implement and maintain the framework (policies and procedures, templates) for Operational Risk Management (“ORM”) and its underlying sub-risk types including business resilience, technology, third party and outsourcing, data governance, and new products.
  • Act as subject matter expert (SME) and advise on the implementation of the ORM framework including risk assessments, due diligence assessments and policy dispensations.
  • Oversee risk and control activities such as business process mapping, risk and control self-assessment (“RCSA”) and Business Continuity Management (“BCM”) testing.
  • Conduct risk assessments of technologies or processes where required, e.g. Business Impact Analysis (“BIA”), third party and outsourcing due diligence, new product assessment, etc.
  • Facilitate the risk acceptance process, which evaluates the risk and its compensating controls, identifies the risk owner and sets the conditions attached to the acceptance.
  • Work with the team to implement fraud rules, using a combination of best practices and AI/ML tools. Monitor changes in the fraud landscape, in industry practices (e.g. digital banking, fintech and payments) and in technology, and enhance the fraud risk strategy so that the firm maintains adequate controls across fraud risk management (“FRM”) as these change.
  • Monitor new regulatory requirements and conduct gap analyses between new regulations/guidelines and the ORM framework.
  • Participate in IT, information and cyber security incident responses and review related incident reports submitted to regulators.
  • Develop and deliver training to promote risk awareness and ensure that relevant employees are trained on the policies for operational risk (“OR”) and its sub-risk types.
  • Define and propose risk management metrics (e.g. key risk indicator/ key control indicator) to monitor the risk and control environment; and periodically report to the risk committees to support senior management in risk oversight and governance.
  • Monitor that employees and service providers implement controls that achieve the ORM framework’s objectives and are sustainable, including the appropriateness and effectiveness of the processes for identifying, managing and controlling operational risks.
  • Design, implement and maintain risk management tools.
  • Support internal and external audit/ assessment engagements.

Key Requirements

  • Bachelor's degree in computer science/ engineering, information systems or related domains.
  • 10+ years of experience in information security, risk management, or audit and compliance covering technology and operational areas, preferably within the financial industry.
  • Familiar with technology and operational risk regulatory and legislative requirements (e.g. MAS Notice 644, Notice 655, TRM Guidelines, Guidelines on Risk Management Practices, Business Continuity Management Guidelines, Guidelines on Outsourcing, Cloud Advisory, Banking Secrecy Act, Cyber Security Act and Personal Data Protection Act) and industry standards (e.g. ITIL, SANS, NIST, ISO 27001/27002).
  • Professional certification such as CISSP, CISA, CISM, CRISC or CDPSE will be an added advantage.