Nfrm Business and System Resilience Senior

**Responsibilities**:

- Establish and implement robust Technology Risk Management strategies, framework and policies to manage technology and cybers risks across the enterprise and enable the organization to be better prepared to mitigate and manage these risks in the face of evolving system/information security and cyber threat.
- Work closely with country and Group IT stakeholders and other NFRM specialists in establishing coherent business and operational resilience strategies, roadmap and business continuity plan to strengthen the Bank’s technology risk resilience, address potential vulnerabilities and ensure continuity of business operation with better responsiveness and recovery from technology-related incidents.
- Drive the continuous improvement initiatives to ensure technology risks and cyber threat are identified with corresponding operational risks controls and framework, and mitigating actions.
- Ensure effective enforcement of technology risk management framework, Group Policies & Procedures and develop a set of Singapore specific addendums and facilitating the technology risk management policies, processes as well as validating compliance with the approved Group Policy and Procedures.
- Proactively assess the compliance exposure to current and emerging security and technology related to MAS and other technology-related regulatory requirements, plan and track remediation efforts.
- Work in collaboration with IT to implement the Cyber Defence Program to focus on protection against cyber threats by leveraging threat intelligence, building up the Bank’s cyber response readiness and modernizing the Bank’s cyber surveillance technology.
- Work in collaboration with other NFRM specialists on the validation of various control environment testing results and deep-dive review and control of the key risk indicators related to technology risk. Perform sample checks on the effectiveness of BUs/BEs’ technology risk controls for assessment of risk rating.
- Work collaboratively with the Chairperson of the TRC and effectively articulate and communicate Technology risk framework, concepts, controls and protocols to relevant stakeholders in various BUs/BEs.
- Provide strategic advisory and insightful guidance to the risk committees / working groups / forums / steering committees related to change process management or projects specifically addressing matters related to Technology Risk and Cyber Security.Report and escalate to Senior Management / risk committees on Technology risk exposure and mitigation activities or any other high or critical issues requiring attention and remediation.

**Requirements**:

- Graduate degree in Economics, Finance, Accounting or numerate studies
- Professional information security certifications such as CISA, CRISC and/or CISSP would be an advantage
- At least 15 years of working experience with sound knowledge and experience of cybersecurity and information security risk management, preferably within the Financial Services sector.
- Knowledge of regulatory requirements (e.g. MAS Notice 644, MAS 655, and relevant Technology Risk Management guidelines) and industry standards/ frameworks such as NIST, ISO 27001/2 and Cyber Security Act.
- Forward and strategic thinking with the ability to deliver pragmatic solutions to risk issues independently.
- Agile mindset with the ability to embrace change and drive innovation in risk management practices.
- Excellent communication and interpersonal skills for effective collaboration across departments.
- Leadership qualities to inspire and mentor teams towards professional growth and continuous learning.
- Strong analytical, problem-solving, and judgment skills.