Vp, Policy and Risk Management

**About UOB**:
United Overseas Bank Limited (UOB) is a leading bank in Asia with a global network of more than 500 branches and offices in 19 countries and territories in Asia Pacific, Europe and North America. In Asia, we operate through our head office in Singapore and banking subsidiaries in China, Indonesia, Malaysia and Thailand, as well as branches and offices.

Our history spans more than 80 years. Over this time, we have been guided by our values — Honorable, Enterprising, United and Committed. This means we always strive to do what is right, build for the future, work as one team and pursue long-term success. It is how we work, consistently, be it towards the company, our colleagues or our customers.

**About the Department**:
Group Technology and Operations (GTO) provides software and system development, information technology support services and banking operations.

We have centralized and standardized the technology components into Singapore, creating a global footprint which can be utilized for supporting our regional subsidiaries and the branches around the world. We operate and support 19 countries with this architecture to provide a secure and flexible banking infrastructure.

Our Operations divisions provide transactional customer services for our businesses while also focusing on cost efficiency through process improvements, automation and straight through processing.

**Responsibilities**:

- The VP, Policy and Risk Management role will support the Head of Security Governance and Chief Information Security Officer (CISO) in enhancing and maintaining the Bank’s security governance framework and supporting security policies, processes and metrics in conjunction with the Bank’s information and cyber security strategy, threat landscape and regulatory requirements
- Key Responsibilities:
- Enhance and maintain the Bank’s security governance framework including the central repository of security policies, processes and guidelines
- Manage the lifecycle of security policies, process and guidelines to ensure these control documents remain contemporary in-line with the evolving threat and regulatory landscape
- Prepare and present security governance related topics at various management and risk governance forums
- Design and maintain the security policy exception and violation process
- Develop and maintain security risk and service effectiveness metrics and dashboards including developing key insights and tracking follow up actions.
- Maintain and monitor on-going security improvements to ensure the Bank’s security posture is managed effectively and efficiently in-line with surveillance of industry benchmarks
- Actively contribute to annual project and service improvement planning and provide inputs to the Bank’s information and cyber security strategy, roadmap and awareness initiatives
- Provide support for all Audit and Regulatory requests.

Others:
- Work with internal and external teams to influence and achieve consensus on security governance matters
- Ability to respond to any requests and issues on a timely basis
- Communicate effectively with a variety of internal and external teams and stakeholders
- Capable of managing a variety of priorities and deliverables with mínimal guidance or supervision.

**Job Requirements**:
Education
- Diploma/Degree in engineering/Computer Science / IT/Cyber Security from a recognized education institution
- Professional security related qualification (e.g. CISM, CISA, CRISC.) will be favorable although not mandatory
- Knowledge of industry best practices eg. ISO 27001, NIST

Technical Skills
- Overall experience 10 - 12 years of experience
- 6+ years of relevant experience in security policy and process development, security governance and risk management disciplines
- Good working knowledge of the security threat landscape and various security technologies.
- Have a strong security risk and analytical mindset in approaching situations and interactions with stakeholders
- Effective influencing and negotiating skills and demonstrated sensitivity to working and interacting with senior stakeholders
- Strong knowledge of understanding of business and security requirements and translating the requirements into effective and efficient policies, processes and metrics
- Strong knowledge of MAS information and cyber security related guidelines and advisories

Soft Skills
- Excellent written and verbal communication skills and expertise in setting and managing stakeholder expectations
- Process aware mindset
- Strong analytical and problem solving skills
- Effective time management and organizational skills.
- Able to work independently with mínimal supervision
- High degree of attention to detail and discipline on tracking and managing the closure of identified gaps and issues

**Be a part of UOB Family**: