Assistant Manager / Manager, Technology Risk at NTUC INCOME INSURANCE COOPERATIVE LIMITED
Singapore, Singapore
Full Time


Start Date

Immediate

Expiry Date

14 Jul, 26

Salary

0.0

Posted On

15 Apr, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Technology risk management, Third-party risk management, Cyber risk, Information security, IT resilience, Business continuity management, Regulatory compliance, Risk assessment, Incident management, Stakeholder management, Project management, IT audit, SDLC, Vulnerability management, Identity and access management, Communication skills

Industry

Insurance

Description
The Assistant Manager/Manager, Third Party & Technology Risk is responsible for providing second line of defence (2LoD) oversight and challenge over technology risk and third‑party arrangements. The role ensures third‑party and technology risks are consistently identified, assessed, challenged, monitored, and escalated, in line with internal policies, risk appetite, and regulatory expectations.

Key Responsibilities

1. Third‑Party Risk Oversight
* Provide 2LoD review and challenge over third‑party risk assessments. Assess inherent and residual risk, adequacy of controls, and quality of risk conclusions.
* Advise business and contract owners on risk scoping, applicability, exemptions, and re‑assessment triggers, including non‑traditional third‑party arrangements.
* Ensure alignment with regulatory requirements such as MAS circulars on management of third party arrangements.

2. Technology Risk Management & Due Diligence (2LoD)
* Provide independent oversight and challenge of technology risk due diligence.
* Review key technology risk domains, including:
  * Information security and cyber risk
  * Identity, access, and privileged access management
  * Vulnerability, patching, and security testing
  * Incident management and notification readiness
  * IT resilience, BCM, and recoverability
  * SDLC, change, migration, and cutover risks
* Challenge unsupported risk acceptances, weak compensating controls, and control assumptions lacking evidence.

3. Project, Change, and Transformation Oversight
* Provide 2LoD technology risk oversight for material projects, system implementations, migrations, and decommissioning activities. Escalate material risks where residual exposure is inconsistent with risk appetite.

4. Monitoring, Issues, and Escalation
* Oversee ongoing monitoring of third‑party and technology risks.
* Review and challenge risk issues, deviations, and time‑bound risk acceptances.
* Identify themes, systemic weaknesses and key risk indicators for escalation to management and risk committees.

5. Incidents
* Provide 2LoD oversight of technology and third‑party incidents, ensuring root causes and corrective actions address underlying control gaps.

6. Governance, Advisory, and Continuous Improvement
* Act as a trusted risk advisor and effective challenger to other business units, IT, Compliance, Legal, Procurement, and Risk teams.
* Contribute to the enhancement of technology risk and third‑party risk policies, standards, guidance, and reporting.
* Support audits, regulatory reviews, and senior management queries relating to technology and third‑party risk.

Qualifications:
* Degree in Information Technology, Information Systems, Accountancy or Business Administration, or a recognised professional qualification.
* 6–10 years’ experience in technology risk, third‑party risk or IT audit. Prior experience in financial institutions and/or a 2LoD oversight or challenge role will be preferred.
* Strong understanding of technology, cyber, and third‑party risk management.
* Ability to engage senior stakeholders while maintaining independent risk judgement.
* Analytical and structured with excellent communication skills.
* Strong project management and facilitation skills.


Responsibilities
The role provides second line of defence oversight for technology and third-party risk, ensuring risks are identified, assessed, and monitored in line with regulatory expectations. It involves advising business units on risk scoping, challenging control assumptions, and overseeing material projects and incidents.