ROLE PURPOSE:
Provide technical expertise in risk quantification analysis to promote the development of sound technology risk management in the financial industry for financial stability and public confidence.

PRINCIPAL ACCOUNTABILITIES:
Develop risk quantification infrastructure via adaptation of proven models, methodologies or practices, for effective prioritisation of high-impact IT and cyber risk measures.
Perform thematic reviews or relevant studies on the adequacy of risk quantification models and methodologies adopted by the financial industry, to promote best practices to the industry.
Promote the use of big data and artificial intelligence in technology supervision.
Lead horizontal surveillance to identify and escalate emerging risks across the financial industry.
Provide tactical and strategic recommendations to prevent the build-up and propagation of excessive risk in the financial system.
Lead assessment of complex technical areas to support supervisory assessment and policy development.
Apply continuous improvement that is fit-for-purpose, in line with regulatory requirements and global best practices.
Prepare written reports, presentation material and public communiqués where required.
Ensure quality output of work produced by risk analysts.
Communicate results to the stakeholders and execute the action plan.
Work closely with relevant stakeholders in the Bank and industry to sustain effective two-way communication.
Internal: engage with Relationship Managers (RMs) of supervision departments to ensure the overall supervisory response is appropriate and coordinated, and the reporting overhead incurred is minimised.
Network with industry players (e.g. CIO/CISO/CRO of banks), major technology providers and relevant government agencies to gather market sentiments, trends and current emerging issues.
Capability building to strengthen IT risk management:
Pay-it-forward: provide leadership and oversight to the feeder pool (L1).
Show-the-way: participate in designing and conducting supervision courses and knowledge-sharing sessions.
Make-it-simple: conduct process improvement initiatives to make work effective.

CRITICAL SUCCESS FACTORS:
Strong individual contributor with the ability to coach team members;
Effective collaboration and networking with internal and external stakeholders;
Effective use of technology and suptech tools;
Rigor in research and output preparation;
Sound judgement to apply fit-for-purpose risk management best practices;
Ability to see the big picture and dynamics at play for commercial entities;
Ability to assess complex issues, identify pragmatic solutions and communicate/escalate concerns clearly and effectively;
Comfortable pushing the boundary whilst applying appropriate boundary management for sustained performance.

REQUIREMENTS:
Academic: Min. Bachelor Degree in computer science/data science or any other relevant degree.
Experience: Min. 5 years in IT quantitative risk analysis, data analytics, IT risk audit and management.
Professional certification related to risk quantification analysis, information systems security, auditing, control, assurance and risk management, e.g. ISACA CISA/CISSP/CRISC/CGEIT/CDPSE, ISO27001, CEH, CQRM, OpenGroup FAIR, ITIL, TOGAF, CCSM/CCSK or other related certifications.