Technology and Security Assurance Lead

Trust is the first of a new breed of banks in Singapore - digitally native and focused on delivering a delightful customer experience. You will work in a fast-paced and collaborative environment to solve new and interesting challenges each day. Together with our Trust team, you will help shape the future of our bank.

As the **Technology and Security Assurance Lead**, you will acquire new ways of working and be involved in solving interesting challenges, building innovative, industry-leading products and digital journeys for our customers and managing risks intelligently.

As part of the First Line of Defence Security Team in Trust, you will be reporting to the Head of Technology Risk. In this role, you will drive the design and day-to-day management of security processes and controls, ensuring a positive support to our company's initiatives and growth. Specifically, you will operate the Control Room responsible for Continuous Assurance and Reporting. Adopting and implementing modern approaches to security, integrating cloud-native security designs, offensive security and agile development. Working closely with various stakeholders, including product owners, risk and compliance, the Tech and Security Assurance Manager will design and manage an effective Information Security Management System in line with best of breed industry practices and innovative engineering.

**The Role Responsibility**:
The incumbent will drive many initiatives, among which:

- Provide strategic advisory to ensure sound architecture and control effectiveness
- Organising the conduct of periodical effectiveness checks and controls
- Collaborating with all the company's stakeholders to design operational processes which derive effective security and delivery quality outcomes
- Working closely with the digital workspace computing team to ensure all controls are in place, systems effectively onboarded and security capabilities delivering their SLAs
- Being the driving force in 3rd party security risk management by holding all external vendors to the standard expected by our customers
- Maintaining a registry of security controls and regulatory requirements, continuously collecting and mapping artefacts to ensure continuous compliance and facilitate second line deviation analysis
- Working closely with security engineering to automate the collection and analysis of security controls data to maintain manual reviews mínimal
- Providing comprehensive reporting of compliance and escalate violations to Management
- Establishing and maintaining metrics and data driven controls to measure continuously the effectiveness of controls over time
- About 8 years of experience in Technology, Information or Cyber Risk Management.
- Entrepreneurial spirited - constantly identify opportunities for change and not afraid to do things differently.
- Good understanding of regulatory requirements such as MAS Technology Risk Management Guidelines, MAS Notice 644 Technology Risk Management and Notice 655 Cyber Hygiene.
- Exposure to cloud native architecture, services, technologies and ways-of-working, including but not limited to: microservices, containerisation, orchestration (Kubernetes)
- Experience in design, advisory, and oversight of technology risk and control design coordination to mitigate risk for IT control environment
- Strong analytical skills and ability to priorities, make decisions, and work to tight timeframes.
- Strong communication skills - oral, written and presentation.
- Strong interpersonal and stakeholder management skills, across various levels in the organization including senior leadership.
- One or more of the following certifications will be preferred: CISA, CISSP, CISM, CRISC, GIAC, CCSLP.
- Experience in scripting/programming security automation will be beneficial as we stive for automation.

**Role Specific Technical Competencies**:
**Skill**

**Target proficiency level**

Software Delivery and the CI/CD Pipeline

Good understanding

AWS Cloud Services and Resilience

Proficient

Project/Program management for eGRC

Proficient

Entity Relationship Diagrams

Proficient

Data Analysis and SQL

Proficient

Regulatory Compliance Assessment

Expert

**Come as you are** Trust is an inclusive and open-minded workplace. If you are smart and good at what you do, that's what we care about. So come as you are.

**Trust is an equal opportunity employer. We prohibit discrimination and harassment of any kind.** We are committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Trust are based on business needs, job requirements and individual qualifications, without regard to age, gender, physical ability, race, religion or belief, family or parental status, sexuality, or any other status protected by laws or regulations. We will not tolerate discrimination or harassment based on any of these characteristics.