VP, Technology Risk Manager (SRE), Tech COO, Group Technology

Job Description - VP, Technology Risk Manager (SRE), Tech COO, Group Technology (250000C5) Job Summary

Technology is key to enabling the DBS vision of being the leading bank in Asia. To meet the challenges arising from the ever-evolving technological advancements and increasing sophistication and demands of customers, there is a need for deft Technology Risk Managers to ensure robust risk governance. As a member of the Technology Risk Management team, you will oversee a global portfolio of technology risk management activities (includes participating in any technology risk management related initiatives), with a focus on:

Thematic risk analysis for IT risks

This role ensures that DBS Bank's technology risk framework aligns with global regulatory requirements (MAS, HKMA, RBI, GDPR, etc.)and industry best practices (NIST, ISO 27001, COBIT), and internal policies while identifying vulnerabilities and recommending mitigation strategies. The position requires a strategic leader who can identify systemic risks, drive audit remediation, and enhance governance across all regions where DBS operates.

Job Duties & Responsibilities

Accountable for managing internal and external reviews/audits from audit planning (such as request for information (RFI), opening meeting, etc.), fieldwork (such as RFI, issue discussion, etc.), to reporting and closing meeting.

Responsible for monitoring and validating the closure of management actions, arising from internal and external reviews/audits, including regulator inspection reviews.

Perform review of new / revised processes, provide risk opinion and ensure proper approvals and documentations.

Collaborate with the different technology teams to conduct post implementation review of new / revised processes to provide assurance.

Drive automation (e.g., data analytics, AI/ML) for continuous auditing.

Prepare and develop technology risk insights (such as IT audit thematic and trend analysis) to be presented at forums (such as technology risk forums, etc.).

Engage and collaborate with technology stakeholders to proactively identify risks at a detailed and technical level and ensure that IT is effectively driving remediation activities and to continuously improve IT risk posture.

Proactive in forging effective engagement with key stakeholders relating to risk & control matters.

Provide risk assessment and advisory as required:

Evaluate the effectiveness of IT risk governance, security policies, and control frameworks.

Provide actionable recommendations to senior management for risk mitigation.

Subject matter expert in Site Reliability Engineering.

• Manage technology risk initiatives and target reviews.

Required Experience

• At least 8 years of experience preferably with exposure on risk management (in control functions; including technology).
• Demonstrated experience in Identifying, assessing and advising on technology risks.
• Excellent organizational, problem solving, interpersonal and operating skills to effectively drive the IT Risk agenda with IT functions.
• Strong communication skills at all levels able to effectively communicate with IT and senior management, as well as line staff to drive IT risk mitigation initiatives and other IT risk management related areas.
• Experience in driving IT risk management in digital age a plus.
• Knowledge of nformation Security, System Resiliency & Availability & Software development practices and frameworks and regulatory requirements preferred.
• Subject matter expertise in Site Reliability Engineering, including but not limited to the following areas:
  • SDLC governance (includes, CICD, SQA)
  • DevOps, Release & deployment
  • Change management
  • Problem/Incident management
  • Disaster recovery
• Good technical competencies and exposure to IT application or infrastructure development, support and management.
• Demonstrated experience of leveraging data and analytics to get stakeholder buy-in is a plus.

Soft Skills:

• Strong executive communication(for Technology EXCO-level reporting).
• Ability to translate technical risks into business impact.
• Leadership in driving cultural change toward risk awareness.

Education & Certifications:

• Bachelor's/Master's in Computer Science, or related field.
• Certifications (Required):CISA, CISSP, CRISC, CISM, or equivalent.