- Category Financial Services, Technology
- Industry Wholesale Banking and Global Markets
- Function Cyber Security, IT Security and Risk
- Consultant Chen Yi Ooi
- License No 16S8060
- Registration No R1876389
- Job Ref No CY22807
- Salary S$150,000 - S$250,000
Kerry Consulting is currently partnering with a Regional Bank to hire for an IT Risk, Governance and Compliance Lead. You will report directly to the CISO and manage a team of 9 within the first line of defense function.
- Lead and manage the development, review and reporting of key IT risk exposures and metrics (e.g. KRIs and KPIs), and provide independent reporting on the IT risk posture or activities to the management team and stakeholders (e.g. second line of defence).
- Develop, review and maintain regional IT risk management framework, standards and procedures to ensure that they are relevant, up to date and aligned with Head Office and regulatory standards.
- Roll out and provide guidance to the regional IT teams and branches on global and regional IT risk management methodologies (ISO, NIST CSF, COBIT, COSO, SOX, SOC, etc.) and tools, to enable them to manage their IT risks in a standardised and systematic manner.
IT Risk & Audit
- Conduct IT risk assessments; identify and assess IT risks, evaluate countermeasures and recommend effective controls to mitigate IT risks.
- Monitor IT risks, map risk profiles and manage the IT risk register, as well as enhance Key Risk Indicators for reporting to second line of defence and risk management committees.
- Manage audit end to end through collaboration with all relevant parties including Head Office, regulators, internal/external auditors and subject matter experts.
- Assist with the management and coordination of audits, regulatory responses and assessments focusing on a broad scope of technology and information security topics. This includes understanding International Auditing Standards as well as understanding processes for documenting self-assessment evidence and records retention practices.
- Execute, manage, enhance and implement processes to comply with IT regulatory and corporate requirements.
- Conduct, manage and drive IT Compliance assessments and reviews on IT regulatory and corporate requirements at the regional level.
- Ensure gaps are addressed via remediation plans that adhere to open issues management requirements including timely issue and corrective action plan submission, accurate root cause identification, corrective action monitoring, on time closure, and no failed validations.
Third Party Management for Inter-Affiliates
- Execute, manage, enhance and implement the Third Party Risk Management (TPRM) framework for the region.
- Conduct due diligence, ongoing monitoring and reporting on the oversight of the TPRM.
- Maintain compliance with regulatory requirements.
- Work in partnership with Head Office, various branches and departments to support the implementation of global, regional and local projects.
- Provide advisory for technology compliance and risk management activities.
- Develop and maintain strong stakeholder management with all key stakeholders.
- Experience managing a first, second, or third line function responsible for technology and information security related risks and controls
- Prior experience in the banking and finance industry is preferred
- Strong understanding of IT Governance, Risk and Compliance principles, IT controls in all disciplines of technology domains, as well as Cyber Security related risks
- Good working knowledge of relevant IT-related laws and regulations of Singapore and the Asia Pacific region, an understanding of industry trends, and knowledge of technologies such as Cloud, Cryptography and IT security products is preferred
If you are interested in applying or learning more about this role, please reach out or share your CV with Chen Yi at email@example.com.