Senior Vice President/Vice President, Specialist, Technology Risk - Applications, Risk Management Group

Role Overview

The ideal candidate combines deep technical understanding with strong governance, communication, and board-level reporting capabilities.

1. Risk Oversight and Assurance

• Provide independent, senior-level challenge and oversight to ensure technology risks are effectively managed across all major programs, initiatives, and the entire technology landscape, with a keen focus on resilience and reliability.
• Maintain and continuously enhance the technology risk framework, ensuring alignment with the Bank’s risk taxonomy and regulatory requirements.
• Lead and validate Risk and Control Self-Assessments (RCSA) across diverse technology domains, ensuring comprehensive identification, assessment, and effective control of risks.
• Conduct thematic reviews and deep dives (e.g., DevOps, AI/ML, third-party risks, Site Reliability Engineering (SRE) practices) to identify systemic issues and emerging threats.
• Proactively identify and assess emerging technology risks, including those related to disruptive technologies (e.g., AI/ML, quantum computing, advanced analytics, and automation), developing appropriate mitigation strategies.
• Oversee incident response reviews, recovery assurance and ensure robust operational resilience in line with regulatory expectations and business continuity objectives.
• Support regulatory inspections and audit response for technology matters.

1. Reporting and Board Engagement

• - Drive development of board-level risk memos, translating technical risk into business impact and actionable recommendations.
• Present and discuss key risk themes and emerging issues with senior management and Board sub-committees.

1. Stakeholder Engagement and Advisory

• - Advise technology, operations and business stakeholders on risk design, mitigation plans, residual risk and control enhancement.
• Coordinate with audit, compliance, and other control functions to maintain integrated assurance coverage.
• Actively influence culture, embedding risk discipline in technology delivery practices and engineering mindsets.

• 15+ years of experience in technology risk, IT audit, or comparable roles in financial services.
• Hands-on experience with Risk and Control Self-Assessments (RCSA), risk frameworks, thematic assurance reviews.
• Excellent written and verbal communication skills, including the ability to craft concise, board-level memos.
• Deep familiarity with key regulatory requirements and guidelines (e.g., MAS TRM, MAS 658, HKMA), and other relevant international standards.
• Proven leadership ability and credibility to engage senior stakeholders and influence across functions.
• Relevant professional certifications such as CISM, CISA, CRISC, CISSP, or equivalent is preferred.
• Demonstrated experience operating effectively within Agile and DevOps development environments, understanding the associated risk profiles, control requirements, and embedding risk management throughout the SDLC.
• Experience working on Data, AI and/or Machine Learning engineering is a plus
• Experience working in a Technology Service Management role is a plus
• Experience working in a complex, multi-national or regional banking environment is a plus.
• en