Job description

Job Description

The incumbent is responsible for leading IT Security Risk Assessments across the bank’s technology landscape, including both on-premises and third-party hosted systems. This role also involves conducting Information Security due diligence on external vendors, reviewing technology obsolescence risks, and managing IT Security Risk committees. As the Subject Matter Expert on IT Security, the incumbent ensures that all relevant security risks are proactively identified, clearly communicated, and escalated for timely business evaluation and decision-making.

Responsibilities:

• Lead and execute comprehensive IT Security Risk Assessments across all layers of technology architecture—covering both on-premises and third-party hosted systems.

• Conduct rigorous Information Security Due Diligence on third-party vendors, including on-site assessments.

• Maintain and enhance process documentation, SOPs, and checklists to ensure operational consistency and audit readiness.

• Drive targeted workstreams and support ad-hoc assignments with urgency and precision.

• Spearhead the Technology Obsolescence Risk Program, ensuring timely identification and mitigation of outdated systems.

• Partner with business stakeholders to ensure security risks are clearly communicated and understood, enabling informed decision-making.

• Lead initiatives that improve quality, efficiency, and productivity across the security function.

• Provide expert advisory on security solutions, risk mitigation strategies, and regulatory compliance (e.g., ISO 27001, MAS TRM, NIST, CCM).

• Serve as the subject matter expert on Information Security for Business, Technology, and Operations teams.

• Ensure consistent regional oversight of IT security risk management practices.

• Support and manage IT security committees and workgroups to uphold robust governance.

• Deliver timely and accurate reporting of work deliverables and audit responses.

• Continuously strategize and implement process improvements, including automation and digitization.

Requirements:

• Bachelor Degree in Computer Science, Information Technology, or a related field.

• Minimum 15 years of experience in Information Security, Technology Risk, or IT Risk Management.

• Industry certifications such as CISSP, CISM, CRISC, CISA are highly desirable.

• Proven ability to lead teams, drive change, and manage senior stakeholders.

• Strong communication and presentation skills, with the ability to engage both technical and non-technical audiences.

• Demonstrated expertise in simplifying complex workflows and delivering effective solutions.

• Must be proactive, independent, and capable of leading teams with minimal supervision.

Additional Requirements