Responsibilities:
Technology Risk Management
As a second line of defence function, the NFRM Department of CIMB ensures the first line of defence manages their technology, Information security and cyber risks by:
Provide Singapore addendum to the Group Technology Risk framework that is fit for purpose for size and scale of functions of CIMB Bank Singapore, providing guidance and training on the principles of the framework.
Oversee and provide constructive challenge to the first line of defence’s execution of the operational risk framework.
Provide Technology Risk & Regulatory Compliance expertise on a consultative basis to the functions in CIMB Bank Singapore and designated overseas locations in CIMB Group.
Report to senior management on aggregate technology and information security related operational risk exposure and mitigation activity.
Reassess the current risk assessment of outsourcing risk of technology / systems, and provide guidance on the 1.5 LoD governance over the vendor’s responses in TRM checklist.
Act as the subject matter expert in performing the highest complexity analyses and identifies trends using an expert understanding of technology risk metrics (KRIs, KPIs).
Drive the risk assessment process and oversee audit's coverage and reporting on common high-risk areas in collaboration with Group Technology Risk Management and 1.5 LoD teams.
Proactively assess the compliance exposure to current and emerging security and technology related to MAS and other technology-related regulatory requirements, plan and track remediation efforts.
Requirements:
Qualifications
Degree holder, or Professional Qualification in the relevant discipline such as Banking, Finance or Business
Professional Qualification and/or Regulatory, Licensing Requirements
Ideal to be equipped with professional or post graduate qualifications, e.g., Chartered Accountant, CFE, CSI, MBA
Professional information security certifications such as CISA, CRISC and/or CISSP will be an advantage
Sound knowledge in regulatory requirements (e.g. MAS Notice 644, 655, and TRM guidelines) and industry standards/ frameworks such as NIST, ISO 27001/2 and Cyber Security Act
Relevant Work Experience
Minimum 5 years of work experience, preferably with 1st line or 2nd line working experience in banking industry and/or from commercial law enforcement team
Possess strong prior experience and knowledge in technology and cyber standards and policy review, oversight and governance, risk management and audit
Competencies/Skills
Good communication skills both, verbal and written
An understanding of risk drivers and ability to articulate risk to non-risk personnel
Understanding of how a bank operates front to back
A deep understanding of cybersecurity, technology and fraud risk management requirements of a universal bank
Basic understanding of system requirements and infrastructure
Experience in being able to contribute to methodology enhancement
Develop strong partnership and collaboration with the various BU/BE with the achievement of the common goals in mind