Tech and Security Governance Specialist

Trust is the first of a new breed of banks in Singapore - digitally native and focused on delivering a delightful customer experience. You will work in a fast-paced and collaborative environment to solve new and interesting challenges each day. Together with our Trust team, you will help shape the future of our bank.

As a **Tech and Security Governance Specialist**, you will acquire new ways of working and be involved in solving interesting challenges, building innovative, industry-leading products and digital journeys for our customers and managing risks intelligently. Professionally, you will have the opportunity to work with cutting-edge cloud technologies, expand your security risk expertise in cloud and banking domains.

The **Tech and Security Governance Specialist** functions within Line 1.5, bridging the gap between first-line operations and second-line risk management in our cloud-native banking environment. This role combines hands-on security expertise with risk management capabilities to provide risk oversight of the Bank's Security posture while ensuring compliance with financial services regulations and cloud security frameworks.

**Key Responsibilities**:

- Develop, monitor and report on Key Control Indicators (KCIs) for critical security controls incl trend analysis reports on KCI performance and control effectiveness
- Track, assess and report on the impact of emerging security regulations and risk advisories on emerging threats and control implications.
- Design and implement control testing methodologies for cloud environments
- Perform regular control effectiveness assessments and validation
- Develop and maintain risk and control matrices mapping to regulatory requirements
- Lead control remediation efforts and track closure of identified gaps
- Guide implementation of controls to meet the financial and cloud-specific regulatory requirements.
- Support external, internal and regulatory examinations and audits
- Report on security risks to senior management and risk committees
- Prepare and deliver monthly security posture updates to the Technology and Information and Cyber Risk committee.

**Key Relationships**:

- Reports to: Head of Technology Risk
- Strategic Partnership: CISO (consultative relationship for security strategy alignment)
- Other Key Stakeholders:

- First Line: Cloud Engineering, DevOps Teams
- Second Line: Risk Management, Compliance Teams
- Regulators, Internal and External Auditors

**Required Qualifications**

**Experience**
- 8+ years of information security experience, with 5+ years in banking/financial services
- Proven experience in cloud security and GRC within regulated environments

**Technical & Analytical Skills**
- Must possess at least one of following certifications - CISSP, CISA, CISM, CRISC, GIAC.
- Experience in developing and tracking Key Control Indicators (KCIs)
- Ability to create clear, actionable risk assessment reports
- Strong data analytics skills for control performance monitoring
- Expertise in security metrics and dashboard development
- Understanding of cloud security (AWS, Azure, GCP)
- Knowledge of container security and microservices architecture
- Understanding of API security and banking integrations

**Risk and Control Knowledge**
- Expert knowledge of risk assessment methodologies and frameworks
- Deep understanding of control design and testing approaches
- Experience with control automation and continuous monitoring
- Proficiency in risk quantification and measurement techniques

**Domain Knowledge**
- Strong understanding of banking regulations and compliance requirements
- Good understanding of the payment card industry and Swift Customer Security Controls Framework requirements.

**Soft Skills**
- Ability to communicate effectively to regulators and auditors
- Strong stakeholder management across technical and business teams
- Experience in navigating regulatory and external examinations
- Excellent documentation and reporting skills