In order to search for jobs specifically for CAIA Charterholders or those pursuing the CAIA Charter please enter “CAIA” in the search panel.
This will enable you to search for CAIA specific roles globally.
At Bank of Singapore, we are constantly on the lookout for exceptional individuals to join our team. We promote a culture of openness, teamwork and fairness. Most importantly, we invest in our people through our programmes that develop them on both professional and personal levels. Besides attractive remuneration packages, we offer non-financial benefits and opportunities to develop your potential within OCBC Group???s global network of subsidiaries and offices. If you have passion, drive and the will to succeed, rise to the challenge today!
Responsible for second line of defence related to governance and oversight of technology, information and cyber (TIC) risks within the organisation. Main Duties
Lead and support the risk governance and oversight of technology, information and cyber risks in second line.
Lead and represent second line in regulatory assessments in technology, information and cyber risks topics.
Lead and / or support internal / cross-functional TIC risks initiatives such as thematic and process reviews, as well as technology projects.
Lead and / or participate in risk committees and working groups that have been established to enhance governance and oversight over TIC risk matters.
Develop, review and maintain TIC risk framework, policies and departmental operating procedures to ensure that they are relevant, up to date and aligned to Group and regulatory standards.
Roll-out and provide guidance / training to business units on TIC risk management methodologies and tools (by leveraging on existing operational risk management tools, where possible), to enable business units to manage their TIC risks in a structured, systematic and consistent manner.
Monitor TIC risk exposures via dashboards and Key Risk Indicators (KRIs) and provide independent reporting on the effectiveness of TIC risk posture or activities to management.
Provide risk advisory services to business units on the adoption of new and emerging technologies (e.g. cloud computing, Fintech etc), as well as third party arrangements.
As a second line of defence, provide an effective challenge on the adequacy, completeness and timeliness of risk assessments and / or action plans that have been put in place to address prevailing and emerging TlC risks. This includes the review of system risk acceptances.
Plan and deliver a comprehensive TIC risk awareness training and testing program for all staff. This includes the conduct of periodic social engineering tests to reinforce awareness.
Work with Operational Risk Partners and relevant stakeholders to strengthen and promote TIC risk awareness.
Wor king Experiencs
Candidates with at least 10 years of relevant experience in information security, technology or cyber risk management in a banking environment preferred.
Good knowledge and experience with applications, infrastructure technologies and / or cyber security.
Good understanding of banking processes, technology, operations, and regulations (in particular MAS Technology Risk Management Guidelines), as well as ISO 27001.
Prior experience in managing projects / change initiatives would be an added advantage.
Qualifications Academic and Professional Qualifications
University degree preferred.
Professional certification in information security. E.g. CISSP, CISM, CRISC, CISA etc.
Proficient in Microsoft Office Applications (i.e. Excel, PowerPoint, Word).
Fluent in English.
Good communication, presentation and interpersonal skills to facilitate interactions with key stakeholders within and outside of the organisation.
Ability to collaborate well within the team, department and across different departments/locations.
Able to exercise sound judgment and establish plans to manage the execution of deliverables within the stipulated timelines.
Self-driven with attitude and aptitude to learn and accomplish tasks that have been assigned.
Analytical mindset and good report writing skills.
Able to prioritise and multi-task in a competitive environment