Senior Ics Risk Manager, Asean Cluster

Job ID: 36019

Location: Singapore, SG

Area of interest: Technology

Job type: Regular Employee

Work style: Office Working

Opening date: 6 Aug 2025

**JOB SUMMARY**
- We have established a capability to successfully implement and embed the Information and Cyber Security (ICS) Risk Type Framework (RTF) across the Group and countries in the region/cluster to bring consistency in the identification and mitigation of ICS Risks. The Senior ICS Risk Manager will support ASEAN Custer CISO to drive the adoption and implementation of the framework across the entities in Singapore and ASEAN Cluster.
- This role will require hands on approach to understand, embed, and guide Singapore and ASEAN Cluster on the ICS RTF to maximize risk reduction and capability improvement, while meeting compliance and legal obligations, and minimising client impact. The role will require to have end-to-end view of all ICS activities with regular risk assessment, tracking, follow up and reporting at the relevant forums.
- The role will maintain highly constructive relationships with key stakeholder and regulators, and possess strong security risk framework knowledge to mobilize effort and commitment.
- He/she will execute a robust and efficient plan to rollout ICS RTF by working with key stakeholders including Country and Cluster CTOOs/CIOs direct teams, Country/Cluster Business and Function teams, ICS RTF Implementation Programme teams, CISO teams and Security technology teams. The plan will incorporate digital footprint discovery, risk assessment, definition and implementation of controls as guided by the ICS RTF and tailored to the relevant areas.
- CISO authority for countries in scope (delegates for Singapore, any other markets within ASEAN Cluster upon appointment).
- Supporting Singapore and ASEAN Cluster in the implementation of the ICS Risk framework including working with stakeholders to identify, assess and rate the information assets, build out the risk profile per the framework, initiate risk assessments and put together treatment plans.
- Deploy and implement Threat Scenario-based risk assessments in-country.
- Use qualitative and quantitative data sources to validate TSRA and associated controls, accelerate risk assessment process, validate business risk profile, and develop action plans to remediate to bring ICS risk back into appetite
- Follow up on identified thematic cyber issues, develop processes to address issues from re-occurrence and ensure cyber hygiene across the whole portfolio.
- Provide regular status updates including progress, top risks and issues to the respective country and cluster forums for the relevant domains. Track RAG status, key milestones, risks, dependencies, and issues.
- Interface into Technology forums to ensure security technologies are operating with input from countries and be actively involved in the roadmap of these technologies.
- Development of risk treatment plans for the assigned areas in conjunction with the business and technology teams. Interface with other areas to ensure dependencies are known and prioritised. Negotiate timelines to ensure proper remediation by maintaining support and organizational alignment.
- Adapt to emerging and horizon risks and address issues to maximize outcomes. Urgent and timely action for risks and issues which adversely impact cyber risk profiles.
- Re-planning and prioritising as required to maximise risk reduction.
- Coordinate and plan for cyber crisis management exercises, build response and recovery capabilities, workarounds, ensure up to date playbooks etc. Assist with other cyber activities underway.
- Manage all ICS-related regulatory requests and self-assessments. Certify or recertify audit requirements and standards by coordinating, participating, and reviewing relevant controls, where required to do so e.g. regulator inspection, internal/external audits, SWIFT, PCI-DSS, ISO 27001.
- Build and maintain strong and sustainable relationships with key internal and external stakeholders, e.g. country Management Team, local regulators.
- Build a strong ICS risk culture and awareness for Singapore and across ASEAN Cluster, deliver country scorecard and management metrics, e.g. CISO MI, BRAM, Culture Quotient.
- Represent SCB for ICS related regulatory and industry forums.
- Drive and support group and cluster ICS initiatives.
- Remotely execute as Market CISO for ASEAN markets (upon appointment), e.g. Australia, Thailand, or any other markets assigned.
- Critical thinking skills to be able to engage with the regulators and senior stakeholders frequently and independently.
- Be able to turn around time sensitive requests with urgency, even during off work hours.
- Build on our brand reputation to be an industry thought leader in Singapore and ASEAN markets and deepen our engagement with industry peers to build a resilient cyber eco-system.
- Be the Cyber trusted advisor to the Board, Cluster and Country MTs, Business stakeholders, etc.
- Be the e