The Group Technology Risk Assurance function supports the technology infrastructure functions in DBS Group to ensure that IT risks and control deficiencies are identified, and suitable remediation is implemented as appropriate.
The Group Technology Risk Assurance Manager is a technical IT risk and security subject matter expert, and reports to the Head of Group Technology Risk Assurance.
The individual will be responsible for assessing the risk and compliance state of key controls for critical applications and programs and serve as an in-
unit control function. This is a unit within the Group Technology Services (TS), that oversees and manages the Group’s technology infrastructure across multiple locations and owns the key IT service management processes.
Cross-discipline exposure to open source, virtualization / cloud, automated processes, platform, storage, network, desktops, servers, security, DevOps, etc.
are essential for this position. The incumbent is a driven, self-starter, who plays an active role working in a dynamic environment with the infra teams to embed controls in their processes and operations.
Additionally, the incumbent need to have analytical skills in order to assess information and identify potential risks. They also possess problem-
solving skills to be able to determine how to reduce those risks. Incumbent should be inquisitive on risks and controls issues and rationalize their mitigation.
Communication skills are important, because they must develop clear protocols, inform management about potential risk issues and relay information as well as impact about policy changes effectively.
Required education or prior practical experience :
Data analytics, various programming languages (e.g., JSON, yaml, python, etc.), digital tools (e.g., Grafana / kibana, Prometheus, ansible, etc.
system security and information security. With focus on IT risk management that may include information security strategy design and risk management assessment.
Need to be familiar with regulations applicable to the financial industry.
Use of OSS to actively participate in the Bank’s DevOps, SRE teams to embed controls. 2. Evolve the way IT configurations, processes, and controls are assessed, monitored and mitigated, both internally and at our outsourced service providers (OSP).
Ability to use analytical thinking and automation (scripting) to solve security, risk and control issues.
Develop, deploy or simulate technical test cases, and / or POC, and follow up on control issues for proper implementation, at the same time, develop a mechanism / solution to ensure the issue is also adequately addressed across function and locations.
Collaborate with security architecture and engineers, infrastructure and applications teams and vendors to identify innovative security as well as controls and actively apply these solutions to advance DBS Group security and controls posture in our internal processes and outsourced vendor operations.
Identify, through automated means, security operations gaps, vulnerabilities, associated risks and mitigation strategies in our internal and outsourced service providers (OSP) environment.
Liaise with external auditors and regulators.
IT professional with good understanding of technology platform and solutions;
Familiar with technical security solutions surrounding various technologies such as but not limited to : IDS, IPS, firewall management, antivirus, content filtering, secure email solutions, network sniffing, log management & analysis, forensics, VPN, load balancing, routing, switching and network management.
Up to date with open-source development & tools preferred, using tools & techniques relating to searches, data manipulation & movements, etc.
Experienced IS or risk professional with experience and exposure to Agile, DevOps, SRE and cloud technologies (preferred).
Prior experience in either banking, IT risk management, security-related or IT audit (preferred)
Good interpersonal and communication skills - spoken and written.
Good planning and other project management skills, including strong organisation skills.Must be solutions oriented; ability to work with all levels of management and staff.
Self-driven, passionate about hands-on learning on emerging technologies and its risks. Self-starter, performance-oriented individuals.
Experience in outsourced vendor management.