Manager, Technology Risk Management

Eastspring is a global asset manager with Asia at its core. We create a culture in which diversity is celebrated and inclusion assured, for our colleagues, customers, and partners. We provide a platform for our people to do their best work and make an impact to the business, and in exchange, we support our people's career ambitions. We pledge to make Eastspring a place where you can Connect, Grow and Succeed.

Role Overview

This role will be a key member of the centralised Second Line Technology Risk Oversight team reporting into the Head of Technology Risk Management. The role is responsible to support the independent oversight, challenge and governance of the technology and cyber risks (“TRM”) across Eastspring ensuring effective risk management practices across the company. The responsibilities cover all 12 business locations of Eastspring with Technology Risk domains of Information & Cyber Security, Data Privacy, Technology Enablement, as well as Data Governance and AI.

PURPOSE

Execute risk oversight and governance in line with defined frameworks and requirements across all TRM domains and all businesses to ensure the company is in line with risk appetites, policies and standards and regulatory requirements.

Support the First Line in Technology Risk related matters by providing independent advice with collaboration from a Second line perspective to solve issues.

Support in the management of key internal stakeholders on TRM matters, working together with the First and Third Lines to ensure strong risk culture and effectiveness of the lines of defence.

Support in the preparation of independent risk reporting on TRM risks commensurate with the business for all applicable forums and committees or on an ad hoc basis as required.

Execute the roll out Prudential information and technology risk frameworks, policies, processes, and other Prudential wide TRM related Second Line initiatives for Eastspring.

Key Accountabilities

• Implement the Prudential Technology Risk related frameworks and policies, and support in development of Eastspring governance documents as required to effectively execute the TRM Team’s remit.
• Ensure the Technology Risk Management oversight requirements are successfully implemented across Eastspring. This includes but is not limited to
  • Oversight monitoring to ensure First Line is in line with regulatory and internal policy requirements.
  • Monitor and report on KRIs aligned to Eastspring’s risk appetite
  • Support on scenario analysis and thematic reviews on technology and cyber risks
  • Review and challenge of TRM related Risk Control Self Assessment results, controls, issues and risk mitigation strategies and actions to ensure the risk rating, treatment plan and target completion date are able to reduce/mitigate the risk on reasonable basis.
  • Review and challenge of technology related incidents root cause analysis and remediation actions defined and perform trend analysis to identify systemic issues for escalation.
  • Support in the development and execution of risk assessments and thematics review
  • Track and monitor technology and cyber risk exposures, supporting in the escalation of material issues on a timely basis to key stakeholders
• Understand the specific platform and regional complexities and issues to all Eastspring business units and provide advisory to the regional and local IT teams on Technology risk matters. This would also include advisory on projects with IT components.
• Support the Head of Technology Risk Management in preparing risk reporting which covers the
  • Eastspring IT Risk Forum
  • Executive Risk Committee
  • Eastspring Investment s Group Risk Committee
  • Prudential Group Technology Risk Management Forum
  • Any other Ad Hoc reporting
• Work closely with the operational risk management (“ORM”) team in executing the information and technology risk oversight related activities in line with the risk framework across the locations
• Work together with the Head of Technology Risk Management and the Enterprise Risk Management team to promote a strong risk culture across all Eastspring locations in increasing risk awareness and proactively managing information and technology risk
• Execute the implementation Prudential Group wide requirements and projects.

Experience / Qualifications

Minimum 5-8 years of relevant experience, with compulsory experience in Technology or Risk Management/Audit.

Candidates Should Demonstrate Experience In Identifying, Managing, And Reporting Risks And Controls In At Least Three Or More Of The Following Areas

• IT Infrastructure Management: Networks, platforms (e.g., IBM, Unix, Windows), middleware, and databases.
• Application Development and Change Management (SDLC): Experience with the full software development lifecycle.
• Identity and Access Management (IAM): Experience with tools like SailPoint, CyberArk.
• Cybersecurity: Familiarity with frameworks like NIST, and experience with security tools and operations.

Analytical, meticulous, self-starter with strong written and spoken communication skills in English a must. Ability in written and spoken Mandarin a plus.

Ability to multi-task and handle tight deadlines.

Proficient in Microsoft office tools.

Candidates With The Relevant Certifications In Areas Such As Technology Risk Management, Technology Audit, IT Management, Cybersecurity, Cloud, Software Engineering, Or Project Management Will Have Additional Advantage. Examples Include

• Risk Management: CRISC (Certified in Risk and Information Systems Control)
• Audit: CISA (Certified Information Systems Auditor)
• IT Service Management: ITIL Foundation, PRINCE2, PMP
• Cloud/Network: Microsoft Certified Azure Solutions Architect Expert, (ISC)² CCSK, CompTIA Cloud Essentials
• IT/Information Security: CISSP, CISM, CompTIA Security+
• Software Development: DevOps Engineer Professional, Google DevOps Engineer, Microsoft Certified Solutions Developer

Skillsets in coding e.g. Python, and intelligence dashboards like PowerBI would be advantageous.

Eastspring is an equal opportunity employer. We provide equality of opportunity of benefits for all who apply and who perform work for our organisation irrespective of sex, race, age, ethnic origin, educational, social and cultural background, marital status, pregnancy and maternity, religion or belief, disability or part-time / fixed-term work, or any other status protected by applicable law.