Technology Risk Manager, Risk

WHO WE ARE:
As Singapore's longest established bank, we have been dedicated to enabling individuals and businesses to achieve their aspirations since 1932. How? By taking the time to truly understand people. From there, we provide support, services, solutions, and career paths that meet their individual needs and desires.

Today, we're on a journey of transformation. Leveraging technology and creativity to become a future-ready learning organisation. But for all that change, our strategic ambition is consistently clear and bold, which is to be Asia's leading financial services partner for a sustainable future.

We invite you to build the bank of the future. Innovate the way we deliver financial services. Work in friendly, supportive teams. Build lasting value in your community. Help people grow their assets, business, and investments. Take your learning as far as you can. Or simply enjoy a vibrant, future-ready career.

Your Opportunity Starts Here.

Description of Risk & Prevention
Group Operations and Technology (O&T) provides IT and backroom support across the bank's business lines such as Group Consumer Financial Services, Group Corporate Banking, Global Treasury, Group Risk Management, Group Finance, and Group Human Resources.

In addition, Group O&T runs the bank's regional processing centres and technology operations, drive for productivity gains and lower unit costs by instilling a quality culture, and leverage on the synergy from cross border processing hubs in Singapore, Malaysia and across the region.
The objective of Group O&T Risk & Prevention (R&P) is to establish a risk awareness and compliance culture that helps Group O&T to manage risks. In supporting O&T departments, Group Risk and Regulatory Compliance Unit as the Division Compliance Officer, Business Continuity Management Coordinator and Ops Risk management Coordinator, R&P undertakes the following responsibilities:

• Coordinate and facilitate the implementation of Operational Risk & Compliance policies,
  methodologies, and initiatives for proactive risk management by Group O&T.
  
• Monitor and uplift the Division's risk and compliance management performance through tracking of audit issues, compliance breaches and loss events.
  
• Provide independent review of risk assessments performed by O&T for new/changed
  processes to ensure integration of risk management to internal processes.
  
• Manage the audit engagement process, track, and ensure timely closure of issues.
  
• Promote awareness of risk among O&T staff and educate them on methodologies and
  processes for risk management and compliance.
  

Role Description:
The candidate is responsible to ensure that technology-related risks are identified, assessed, and mitigated appropriately. This involves collaborating closely with the technology teams and regional R&P across the OCBC group to solve technology risk challenges and strengthen Group O&T's risk culture.

Duties and Responsibilities:
Support the Head, R&P - Technology Risk in the effective and proactive management of risk and controls for technology and outsourcing in Group O&T.

Collaborate with stakeholders to:

• Perform infrastructure (operating systems, middleware, databases, network), applications, operations risk, and control assessments to ensure systems' configurations, processes, and operations:
  
  • Identify, assess, treat, mitigate, and articulate risks in both technical and business contexts.
    
  • Ensure compliance with the bank's standards, policies, and statutory and regulatory requirements.
    
• Conduct risk and control assessments related to outsourcing and business continuity management to ensure adequate controls and compliance.
  
• Challenge, drive, and discuss controls or risk mitigation solutions while building strong, respectful relationships.
  
• Support stakeholders in audits (internal/external) and regulatory reviews and inspections, ensuring tracking, reporting, and addressing root causes.
  

Collaborate with O&T teams across entities locally and regionally to assess risk profiles, identify potential lapses or non-compliance, and develop risk mitigation strategies for sustained controls. Provide advice, objective review, and challenge to risk issues/process changes identified by stakeholders to ensure technology-related operational risks are adequately assessed and appropriate controls are in place. Drive the development and implementation of automated risk assessment frameworks that identify and quantify potential risks. Design and implement automated risk monitoring and reporting systems that provide alerts and dashboards to aid management and stakeholders in making informed decisions. Develop and deliver training programs to educate stakeholders on emerging trends in risk automation.

• Corporate Grade: AVP - VP
  
• Division: Group Operations & Technology
  
• Department: Risk & Prevention
  

Qualifications:
Adaptability: Willingness to embrace change as the team continually adjusts strategies to meet evolving regulatory and control landscapes. Regulatory Knowledge: Strong understanding of regulatory requirements, including MAS Technology Risk Management, MAS Guidelines on Outsourcing, MAS Guidelines on Business Continuity Management, FSM-N05, FSM-N06, Notice 658, Cyber Security Act, Cybersecurity Code of Practice for CII, and Personal Data Protection Act. Risk and Control Assessment Experience: Proven experience in performing IT risk and control assessments (including RCSA) and managing audits (internal and external) as well as regulatory inspections. Dashboard and Data Visualization Skills: Experience in developing and implementing dashboards, data visualization, and heatmap presentations of metrics. DevOps, SRE, and Agile Methodologies: Good understanding and preferred experience with DevOps, Site Reliability Engineering (SRE), Agile methodologies, and CI/CD approaches and tools. Infrastructure Technology Expertise: Hands-on experience in the following areas is desirable:

• Servers Platform
  
• Middleware technologies
  
• Microservices
  
• Virtualization
  
• Network
  
• Security
  
• Database
  

Academic:

• University degree in technology with at least 6 years of experience in audit/ IT security/ risk management. Practitioner and holder of relevant certification, such as CISSP, CISA, CRISC, CIPM, CIPP/A & etc would be advantageous.
  

Core Competencies

• Technology Risk Management Expertise: Strong background in technology risk management, with hands-on experience in technology domains or audit/compliance.
  
• Statistical Modelling and Data Analysis: Prior experience in statistical modelling, data analysis, and data visualization tools is advantageous.
  
• Self-Motivation and Initiative: Driven, self-motivated individuals who demonstrate initiative and are results-oriented.
  
• Forward-Thinking: Interested in staying updated with developments and best practices in risk management, analytics, and automation.
  
• Analytical Skills: Hands-on approach with good analytical skills and attention to detail.
  
• Communication and Collaboration: Excellent communication and collaboration skills.
  
• Adaptability: Strong ability to adapt and work effectively in a dynamic, fast-paced environment.
  

What we offer:
Competitive base salary. A suite of holistic, flexible benefits to suit every lifestyle. Community initiatives. Industry-leading learning and professional development opportunities. Your wellbeing, growth and aspirations are every bit as cared for as the needs of our customers.

---