Technology & Information Security Governance Lead

See job description for details

**About Us**

**About the Role**

As a Technology & Information Security Governance Lead (Line 1 Risk) for Singapore and International Cloud in our Digital Banking Operations Technology team, you will drive technology operational risk excellence using the ANZ Risk Management Framework. You will be supporting Country Technology teams to ensure their key risks are understood and well managed. In addition, you will drive continued information security maturity uplift and support technology regulatory compliance for the respective jurisdiction - Singapore, India, Vietnam, Papua New Guinea and key lead for our International Cloud agendas).

This role will be a listed Material Risk Personnel (MRP) for Information Security in ANZ Singapore in line with local Monetary Authority of Singapore regulations. This will specifically require the individual to:

- Support the identification, governance and remediation of risks associated to the usage of technology in alignment with ANZ policy and regulatory requirements.
- Work closely with Singapore risk decision makers to provide the necessary data, information and advisory to support their risk decision making processes.
- They will also be a permanent member of Singapore governance forums covering Technology and outsourcing. They are responsible for providing forum members with updates on technology risk updates and supporting decision makers with the necessary supporting information from a technology risk perspective.

**Role Location**: ANZ Singapore
**Role Type**: Permanent

Banking is changing and we're changing with it, giving our people great opportunities to try new things, learn and grow. Whatever your role at ANZ, you'll be building your future, while helping to build ours.

**What will your day look like?**

As part of this role, you will face into internal audit and external regulatory engagements for the assigned portfolios to support positive outcomes and execution of associated treatment plans. Perform, lead and/or provide input into risk assessments as well as assessments against country technology regulatory requirements and develop strong relationships with business stakeholders. You will have strong communication and presentation skills that support your ability to translate deep technical matters into business and operational risk consequences.

You will lead activities to sustain and improve compliance with internal information security policies and external regulatory requirements, determine technical and business impacts from technology risks or security controls such as penetration testing, independent security assessments etc., building staff and customer security awareness through delivery of communication and training programs, and providing business support and leadership on information security matters.

You will improve cloud and third party technology vendor governance across Digital Banking Operations and ensure oversight and continuous monitoring of risk reporting, findings and issues remediation. Support internal cloud platform teams with compliance engagement and risk reviews. Drive risk analysis to identify and mitigate relevant into DBO cloud strategy and adoption across our business lines.

You will manage a team who will support you in executing to your role accountabilities across Singapore, India, Papua New Guinea and Vietnam

**What will you bring?**

To grow and be successful in the role, you will ideally bring the following:

- A strong track record in a technology risk, assurance, audit or compliance-based role
- Specialist in cloud and third party technology vendors risks and technical concepts and controls. Experience with frameworks such Cloud Security Alliance's Security Trust Assurance and Risk Framework (CSA STAR)
- Proven experience providing risk and assurance expertise, ideally to Technology based business units and Institutional Banking exposure
- Strong understanding of regulatory and business operating risk environment, monitoring legislative change and regulator sentiment to identify emerging risks and actions to ensure compliance, responding when needed (with experience across the financial regulatory landscape of Singapore - Monetary Authority of Singapore, India Reserve Bank of India (RBI). Vietnam - State Bank of Vietnam)
- Experience in leading and driving highly engaged teams
- Information security, cloud security and risk industry qualification desired - CISSP and/or CISA qualification or equivalent qualifications.
- Strong controls framework understanding and experience
- Technical architecture, security design and cloud security experience is preferred
- Ability to tailor your communication to your audience level of understanding and communicate in a simple manner which is easily understood by non-risk practitioners.
- Proven experience in defining and delivering an information security /technology assurance strategy
- At ANZ a growth mindset is at the heart of our culture