Technology Risk Officer - Singapore - CREDIT AGRICOLE CORPORATE AND INVESTMENT BANK

    Description
    Roles & Responsibilities

    Role Description:

    The candidate is a 2nd LoD technology risk manager who is responsible for ensuring identification, assessment, and mitigation of technology-related risks and for independently reporting risks, concerns and impact to Credit Agricole CIB SGP management via the SGP ORM channel. This involves collaborating closely with IT application, infrastructure and Information Security stakeholders to address IT risk challenges (technology risk management framework, risk & control self-assessment) and strengthen risk culture across the organization.

    Job Description:

    1. Support the Head of ISAP IT Operations Control (IOC) in the overall effective and proactive management of technology risk and controls to ensure the quality of the internal control system of CACIB SGP.
    2. Work closely with IT stakeholders to ensure the existing Technology Risk Management Framework is regularly updated and maintained, and that IT policies, procedures, and processes are aligned with MAS Technology Risk Management (TRM) guidelines.
    3. Conduct regular technology risk assessments to identify potential threats and vulnerabilities in the IT infrastructure and systems, covering: a. Operational process and resiliency, b. Data and infrastructure security, c. Project management and application developments, d. Cyber security set-up, e. IT infrastructure inventory (CMDB).
    4. Drive, discuss and, when necessary, challenge the risk assessments and adequacy of controls performed by stakeholders and IOC, whilst building strong and constructive relationships with stakeholders.
    5. Conduct periodic reviews of the level of compliance with TRM guidelines and provide an independent view to CACIB SGP Management via the SGP ORM channel on the results of controls performed and RCSA assessment, recommendations for improvement, and major technology risks and concerns.
    6. Design and implement technology risk metrics to highlight the risk exposure of information assets (data, hardware and software).
    7. Promote awareness of risk among IT stakeholders and senior management and conduct training programs on technology risk trends to strengthen the risk culture of CACIB SGP.
    8. Independently review and enhance the quality of CACIB SGP management oversight on technology risk topics as stipulated in the MAS TRMG.
    9. Contribute to the quality of reporting in CACIB SGP Permanent Control Committees and Internal Control Committees in relation to technology and cybersecurity related risks.
    10. Provide interpretation of technology risk management related banking regulations and corresponding circulars and guidelines.
    11. Ensure new regulatory Notices and their corresponding advisories / circulars / guidelines are followed up and duly analyzed for any gaps in implementation.
    12. Review and provide an independent opinion on technology and cybersecurity risk related documents prior to their communication or submission to the MAS.

    Qualifications

    1. University degree in information technology, computer science, or a related field

    2. Open to change as the team continually adopts strategy to meet evolving regulatory and controls landscape.

    3. Strong interpersonal, collaborative, and influencing skills required to drive active and robust stakeholder engagement.

    4. Good integrity, motivated and able to provide an independent opinion to the functional line.

    5. Good understanding of regulatory requirements, such as MAS Technology Risk Management, Outsourcing and Notice 644, 655, 658, etc.

    6. At least 10 years of experience in IT domains and IT risk assessments & controls (including RCSA), and exposure to internal & external audits including regulatory inspections. Knowledge of the banking industry is a plus.

    7. Autonomous, delivery focused and able to work in a fast-paced environment and to tight deadlines without compromising attention to detail, whilst being capable of producing syntheses.

    8. Hands-on experience in the following infrastructure technologies would be desirable: server platforms, middleware technologies, microservices, virtualization, network, and database.

    9. Strong knowledge of IT security principles, best practices, and controls

    10. Practitioner and holder of IT risk certification, such as CISSP, CISA, or CRISC is a requirement

    11. Candidate is required to liaise with French speaking stakeholders. Knowledge of French is essential.

    Skills

    Influencing Skills
    Information Security
    Risk Assessment
    Outsourcing
    Cyber Security
    Stakeholder Engagement
    IT Operations
    Attention to Details
    French
    Audits
    CISA
    Regulatory Requirements
    Virtualization
    CISSP