Technology Risk Governance Manager - HK&SG

Job Summary:

As a member of the CIO leadership team, the Line 1 Technology Risk Governance Manager - HK &SG is accountable for establishing, embedding, and overseeing the technology and information security risk management capability across the Technology function in Singapore and Hong Kong, ensuring that material technology and information security risks are effectively identified, assessed, monitored and reported within risk appetite within IT team.

Job Responsibilities:

• Maintain and embed risk management framework and practices in Technology to ensure we manage risk and controls within risk appetite.
• Drive and uplift the risk culture within the team through regular and effective engagement and coaching. Build risk awareness and capability across the IT teams.
• Establish and maintain robust processes to identify, assess and monitor material risks , including control testing, remediation tracking and key risk indicators (KRIs) with a goal to uplift the overall risk management capability of IT teams and manage the risks within risk appetite.
• Conduct risk assessment and ensure residual risks outside of risk appetite have appropriate action plans to reduce the residual risk or are formally accepted by accountable risk owners.
• Collaborate with Line 2 and Line 3 Risk, Compliance & Audit teams to manage all aspects of technology risk governance, compliance, and audit activities, including evidence gathering, risk reporting and tracking of remediation activities.
• As part of integrated business unit model, work with Line 1 Risk teams from other countries and areas of business, Risk and Compliance teams across APAC as well as global risk teams to ensure alignment with global frameworks and local regulations. Highlight and escalate gaps where exists.
• Provide input into risk prioritization discussions and the reasonableness of any remediation plans to ensure timely and effective risk mitigation.
• Work with regional and global stakeholders in the development of pragmatic and appropriate technology risk framework and control libraries and identify opportunities to continuously improve our control environment.
• Actively manage post operational incident reviews, root cause analysis, regulatory notifications (if applicable) and drive process improvements to address any systemic issues.
• Develop and deliver risk reporting to senior stakeholders, ensuring timely escalation of material risk exposures and breaches of risk appetite.
• Stay abreast of regional regulations and proactively plan for, and update, processes to remain compliant with regulatory change. Ensure compliance with all LM & LII APAC legal, statutory, and corporate affairs requirements.
• In conjunction with action owners, develop, execute, and monitor risk treatment plans.
• Perform other related duties as assigned by manager.

Job Qualifications:

• Minimum of 7 years’ experience in an Information Security & Technology Risk function within a Financial Services organization.
• Experience with Technology and Information Security regulations in Singapore and Hong Kong.
• Bachelor's degree in Business or Technical discipline or equivalent experience
• Certifications in Information Security &/or Risk Management – e.g. CISA, CISM, CRISC
• Proven experience in any IT functions outside of Risk Management
• Demonstrated experience & strong knowledge of IT, Security, and Risk Management concepts, frameworks and standards

Job Competencies:

• Strong Business and Technology acumen
• Strong ability to meet deadlines and self-driven
• Ability to think strategically and execute accordingly
• Strong ability to create a culture of risk awareness and alignment to organizational goals
• Advanced relationship building skills
• Strong ability to continually improve upon a process
• Solid team player with high standard of business ethics
• Strong verbal and written communication skills including influence without authority
• Strong analytical skills with good attention to details
• Strong project management and organizational skills
• Competent negotiation and influencing skills