WHO WE ARE:

As Singapore’s longest established bank, we have been dedicated to enabling individuals and businesses to achieve their aspirations since 1932. How? By taking the time to truly understand people. From there, we provide support, services, solutions, and career paths that meet their individual needs and desires.

Today, we’re on a journey of transformation. Leveraging technology and creativity to become a future-ready learning organisation. But for all that change, our strategic ambition is consistently clear and bold, which is to be Asia’s leading financial services partner for a sustainable future.

We invite you to build the bank of the future. Innovate the way we deliver financial services. Work in friendly, supportive teams. Build lasting value in your community. Help people grow their assets, business, and investments. Take your learning as far as you can. Or simply enjoy a vibrant, future-ready career.

Your Opportunity Starts Here.

Technology Risk Manager, Risk & Prevention, Group Operations & Technology (AVP- VP)

Why Join

As a Risk Manager in Risk & Prevention at OCBC, you'll play a critical role in ensuring the bank's operations are efficient, effective, and compliant with regulatory requirements. You'll have the opportunity to make a meaningful impact on the bank's risk management framework and contribute to its long-term success.

How you succeed

The candidate is responsible to ensure that technology-related risks are identified, assessed, and mitigated appropriately. This involves collaborating closely with the technology teams and regional R&P across the OCBC group to solve technology risk challenges and strengthen Group O&T’s risk culture.

What you do

• Support the Head, R&P – Technology Risk in the effective and proactive management of risk and controls for technology and outsourcing in Group O&T. Collaborate with stakeholders to:
• Perform infrastructure (operating systems, middleware, databases, network), applications, operations risk, and control assessments to ensure systems’ configurations, processes, and operations:
  • Identify, assess, treat, mitigate, and articulate risks in both technical and business contexts.
  • Ensure compliance with the bank’s standards, policies, and statutory and regulatory requirements.
• Conduct risk and control assessments related to outsourcing and business continuity management to ensure adequate controls and compliance.
• Challenge, drive, and discuss controls or risk mitigation solutions while building strong, respectful relationships.
• Support stakeholders in audits (internal/external) and regulatory reviews and inspections, ensuring tracking, reporting, and addressing root causes.
• Collaborate with O&T teams across entities locally and regionally to assess risk profiles, identify potential lapses or non-compliance, and develop risk mitigation strategies for sustained controls.
• Provide advice, objective review, and challenge to risk issues/process changes identified by stakeholders to ensure technology-related operational risks are adequately assessed and appropriate controls are in place.
• Drive the development and implementation of automated risk assessment frameworks that identify and quantify potential risks.
• Design and implement automated risk monitoring and reporting systems that provide alerts and dashboards to aid management and stakeholders in making informed decisions.
• Develop and deliver training programs to educate stakeholders on emerging trends in risk automation.

Who you are

Adaptability: Willingness to embrace change as the team continually adjusts strategies to meet evolving regulatory and control landscapes.

Regulatory Knowledge: Strong understanding of regulatory requirements, including MAS Technology Risk Management, MAS Guidelines on Outsourcing, MAS Guidelines on Business Continuity Management, FSM-N05, FSM-N06, Notice 658, Cyber Security Act, Cybersecurity Code of Practice for CII, and Personal Data Protection Act.

Risk and Control Assessment Experience: Proven experience in performing IT risk and control assessments (including RCSA) and managing audits (internal and external) as well as regulatory inspections.

Dashboard and Data Visualization Skills: Experience in developing and implementing dashboards, data visualization, and heatmap presentations of metrics.

DevOps, SRE, and Agile Methodologies: Good understanding and preferred experience with DevOps, Site Reliability Engineering (SRE), Agile methodologies, and CI/CD approaches and tools.

Infrastructure Technology Expertise: Hands-on experience in the following areas is desirable:

• Servers Platform
• Middleware technologies
• Microservices
• Virtualization
• Network
• Security
• Database

Academic:

• University degree in technology with at least 6 years of experience in audit/ IT security/ risk management. Practitioner and holder of relevant certification, such as CISSP, CISA, CRISC, CIPM, CIPP/A & etc would be advantageous.

Core Competencies

• Technology Risk Management Expertise: Strong background in technology risk management, with hands-on experience in technology domains or audit/compliance.
• Statistical Modelling and Data Analysis: Prior experience in statistical modelling, data analysis, and data visualization tools is advantageous.
• Self-Motivation and Initiative: Driven, self-motivated individuals who demonstrate initiative and are results-oriented.
• Forward-Thinking: Interested in staying updated with developments and best practices in risk management, analytics, and automation.
• Analytical Skills: Hands-on approach with good analytical skills and attention to detail.
• Communication and Collaboration: Excellent communication and collaboration skills.
• Adaptability: Strong ability to adapt and work effectively in a dynamic, fast-paced environment.

What we offer:

Competitive base salary. A suite of holistic, flexible benefits to suit every lifestyle. Community initiatives. Industry-leading learning and professional development opportunities. Your wellbeing, growth and aspirations are every bit as cared for as the needs of our customers.