IT Internal Governance and Regulatory Advisory Principal Specialist SG

CIMB

  • Singapore
  • Permanent
  • Full-time
  • 28 days ago
Job Description:
Responsibilities:
Strategy and Planning
  • Promote the value and importance of effective IT Governance and assurance on all IT systems which serve SG Branch
  • Lead the implementation of IT Governance and assurance framework strategy throughout SG Branch IT, where required.
Regulatory Compliance
  • Monitor and report risk indicators / measures, and ensure timely escalation of the department's operational risk events with mitigating actions to stakeholders and risk committees
  • Proactively identify, assess and evaluate potential risks for the department to reduce likelihood and impact of occurrence in line with risk appetite
  • Conduct self-assessments to identify and address control weaknesses and potential risks associated with new business initiatives, process changes and new product or services for the department
  • Establish and implement controls, assurance and validations to manage risks for the department
  • Ensure IT policies, procedures and SOPs are updated and aligned with the Bank's risk framework and policies
  • Perform regulatory gap analysis for new or revised regulatory guidelines impacting the IT department, ensuring adequate risk and control measures are put in place for regulatory compliance
  • Manage and address regulatory expectations, including audit examinations and queries
  • Champion Risk & Compliance culture, and provide relevant risk and compliance updates / training / guidance within the IT department
  • Ensure timely assessment, escalation and resolution of operational risk events to minimize potential losses
  • Conduct deep-dive investigations and post-incident reviews, identifying root causes and mitigating controls from the learnings to prevent recurrence
  • Provide training and briefing to bank staff on IT governance policies and processes, and technology regulatory requirements, where required.
  • Maintain registers on IT SOPs, risks, audit findings, non-compliances and formulate IT Risk management reports
  • Develop / maintain Technology governance SOPs as needed
  • Act as POC for internal and external audits, and follow up on audit issues to ensure implementation of remediations
  • Liaise with regulators on technology compliance matters.
  • Assist business units on related legislation, regulations and standards affecting IT Third Party Risk Management of the Bank
  • Work with stakeholders to assist in the development and implementation of IT Third Party Risk compliance controls
  • Validate Data Leakage Prevention & Privileged ID Review samples
  • Assist Head IT Governance in all ITD Management Governance Meetings to contribute effectively as an SME to help the team in identifying risks, treating the risk, tracking and reporting.
  • Deputise for Head IT Governance as ITD POC for all Risk Management on IT Risk related topics.
  • Specialise in specific Risk domains such as Business Risk, Data Risk, Third-party Risk, Business Continuity and/or Project Management Assurance as assigned.
Requirements:
  • Bachelor's degree in computer science or its equivalent
  • Relevant qualifications in MAS Technology Risk Management Guidelines, Business Continuity Management Guidelines, Outsourcing Guidelines & associated notices (658, FSM-N05, FSM-N06, etc), Personal Data Protection Act (2020) & Guidelines, and Cloud Governance (Based on AWS Best practices Pillars and NIST).
  • Minimum 7 years working experience in Technology Governance
  • Strong track record in technology risk management, preferably in a banking environment.
  • Good leadership qualities.
  • Able to engage stakeholders and develop options for them.
  • Highly results-oriented and able to work independently.
  • Ability to build relationships and interact effectively with internal and external parties.
  • Good analytical, technical, written and verbal communication skills.
  • Technology and operational risk management leadership.
  • Risk management policy development.
  • Technology outsourcing & risk gap assessments.
  • Expert analytical skills; able to make decisions and exhibit sound and accurate judgment when tackling challenges
  • Mentor, train and advise colleagues
  • Consistently consume and contribute to documentation to ensure up to date relevant body of knowledge that will directly ensure work is done correctly and completely
  • Exposure/experience in other Technology areas outside of risk management, especially Cloud-related.
