Assistant Vice President - Technology Risk Specialist
Singapore, SG
Job Summary
Reporting to the Controls Lead, this Line 1.5 control role aims to strengthen the organisation’s overall technology governance and risk management posture within a highly regulated financial services environment. The role is responsible for facilitating internal and external technology audits, managing regulatory engagements, supporting Technology and Cyber Risk Committees as secretariat, and driving the development and reporting of technology and cyber risk indicators.
This position requires strong familiarity with key regulatory frameworks—including MAS Technology Risk Management (TRM) Guidelines, MAS Cyber Hygiene requirements, Outsourcing risk expectations, and the Cybersecurity Agency of Singapore (CSA) Cybersecurity Code of Practice (CCoP) 2.0, as well as corresponding Critical Information Infrastructure (CII) cybersecurity and risk assessment requirements. A central part of the role involves fostering effective and collaborative partnerships across all three lines of defense, ensuring alignment between Technology stakeholders (1LOD), Risk & Compliance functions (2LOD), and Internal Audit (3LOD) to maintain a robust and well‑coordinated governance environment.
Job Responsibilities
1. Audit & Regulatory Engagement Facilitation
- Coordinate internal and external technology audits, including planning, evidence preparation, walkthrough sessions, observation validation, and closure tracking.
- Act as the central liaison for regulatory engagements with MAS and other regulatory bodies on technology, cybersecurity, and operational resilience matters.
- Ensure timely and accurate responses for MAS inspections, surveys, and CSA-driven engagements where applicable.
- Oversee tracking and reporting of remediation activities for audit and regulatory findings, ensuring compliance with mandated timelines and governance standards.
2. Secretariat Support for Technology & Risk Committees
- Serve as secretariat for Technology Risk Committees and related governance forums.
- Manage meeting logistics including scheduling, agenda setting, coordination of materials, and preparation of accurate and comprehensive minutes.
- Track action items, monitor progress, and ensure timely completion by responsible parties.
- Strengthen governance processes, documentation quality, and committee reporting structures.
3. Technology Governance, Regulatory Alignment & CII Requirements
- Support the continuous uplift of IT governance frameworks, policies, standards, and procedures to ensure alignment with:
- MAS Technology Risk Management (TRM) Guidelines
- MAS Cyber Hygiene Notice
- MAS Notice on Technology Risk Management
- CSA Cybersecurity Code of Practice (CCoP 2.0)
- Relevant guidance for organisations designated as Critical Information Infrastructure (CII)
- Contribute to the organisation’s compliance with CCoP 2.0, including governance, incident response, security monitoring, hardening standards, and network boundary requirements.
- Support or coordinate CII Risk Assessments, including scoping, risk evaluation, documentation, and evidence preparation to meet CSA regulatory expectations.
- Provide advisory and guidance to Technology teams on complying with regulatory controls, cybersecurity governance requirements, and operational resilience expectations.
- Support internal self-assessments or compliance reviews associated with CCoP 2.0 or MAS TRM requirements.
4. Technology Risk Indicators & Governance Reporting
- Consolidate data from multiple systems to produce meaningful insights for senior management, risk committees, and the Board.
- Monitor and highlight risk trends, emerging themes, and operational challenges that may require management attention.
- Ensure reporting practices align with MAS TRM Guidelines, Cyber Hygiene requirements, and internal governance frameworks.
5. Other Area
- Support on AI Technology Risk Governance initiative within SGX as required
Job Requirements
Role Requirements:
- Bachelor’s degree in Information Technology, Information Security, Risk Management, or a related field.
- 5–8 years of experience in IT Governance, Technology Risk, IT Audit, or regulatory engagement roles within a regulated financial institution (e.g., bank, exchange operator, insurer, market infrastructure).
- Strong understanding of:
- MAS TRM Guidelines & MAS Cyber Hygiene Requirements
- Outsourcing and Third-Party Risk Management Guidelines
- CSA Cybersecurity Code of Practice (CCoP) 2.0 and CII obligations
- Operational resilience expectations for financial institutions
- Experience supporting regulatory inspections, including MAS and CSA interactions where applicable.
- Strong analytical, documentation, and stakeholder‑management skills.
- Experience preparing dashboards, risk reports, and committee-level reporting is preferred.
- Professional certifications (e.g., CISA, CRISC, CISSP, CISM) are advantageous.
Preferred Skills:
- Strong sense of responsibility, ownership, and professional integrity.
- Highly organised with a strong attention to detail.
- Able to work effectively in a regulated, fast-paced environment with demanding timelines.
- Confident in engaging stakeholders at all levels, including senior management and having robust and difficult conversations.
- Proactive, resourceful, and able to operate independently with minimal supervision.
- Experience in a CII regulated environment will be an advantage.
- Stay abreast of emerging AI regulations, standards, and risk trends to continuously improve governance practices
Job Segment:
Risk Management, Cyber Security, Information Security, Internal Audit, Banking, Finance, Security, Technology