Director, Technology and Third Party Risk Management at SMBC
Singapore
Full Time


Start Date

Immediate

Expiry Date

06 Aug, 26

Salary

0.0

Posted On

08 May, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Third Party Risk Management, Technology Risk Management, Risk Governance, KRI Design, Regulatory Compliance, Operational Resilience, IT Governance, GRC, Gap Analysis, Stakeholder Management, Project Management, IT Audit, Cyber Security, Risk Reporting, Control Effectiveness, Due Diligence

Industry

Financial Services

Description
Technology and Third Party Risk Management as a 2nd Line function

As part of the 2nd Line of Defence, work closely with stakeholders in the 3 Lines of Defence to implement appropriate risk governance/oversight, design/establish metrics such as KRIs, implement controls and promote best practices that drive Technology and Third Party risk management efforts, regulatory compliance and operational resilience.

Drive the implementation of the Third Party Risk Management framework in APAC branches and subsidiaries for assessing, monitoring and reporting of Third Party risks inherent in business operations, with Technology Risk, Operational Risk and Operational Resilience as key priorities.

Ensure the Bank’s regional and local policies, procedures and standards meet regulatory requirements in all APAC branches and subsidiaries.

Work closely with stakeholders in the 3 Lines of Defence to implement appropriate risk governance/oversight and design/determine/establish metrics like KRIs. Monitor trends, review and challenge (the effectiveness of) controls, risk events and IT processes, and promote best practices that drive technology risk.

Coordinate Technology and Third Party risk management efforts and manage IT Governance, Risk and Compliance (GRC) activities across the APAC Offices and with HO to drive timely completion of technology risk deliverables and resolution of key risk issues.

Communicate technical concepts to non-technical audiences and senior management, lead efforts to cultivate and promote a strong risk culture, and ensure adherence to Technology and Third Party risk management policies, procedures and standards.

Job Responsibilities:

To operationalize the Technology and Third Party Risk management framework (governance framework, risk identification/monitoring/reporting, policies, procedures, standards) in the 2nd Line of Defence

To design, determine and establish KRIs, review and challenge the effectiveness of risk controls in the 1st Line of Defence and implement best risk management practices (e.g. stress tests, Due Diligence for Third-Party Service Providers/Outsourcing)

To drive timely completion of technology risk deliverables and resolution of key risk issues, including risk management monitoring and reporting

To perform assessment of technology risk trends, communicate technical concepts to non-technical audiences and provide advisory as Subject Matter Expert (e.g. for new product applications, adoption of new systems, technology)

To cultivate and promote a strong technology risk management culture

Requirements:

Degree in IT, Computing, Computer Science/Engineering, Information Systems or any quantitative field

Good knowledge of outsourcing/third party, technology and operational risk requirements and industry standards, such as MAS TPRM/TRM guidelines, ITIL, SAS, NIST, ISO27001/2

Minimum 5 years' experience in Third Party Risk Management, Technology Risk Management, Information/Cyber security or IT Audit/Compliance in banking

Professional certification such as CTPRP, CTPRA, CISSP, CRISC, CRCM, CISA or CISM would be advantageous

Ability to perform gap analysis of Technology and Third Party risk management policies and processes against new regulatory requirements and guidelines

Good project management and mentorship skills and experience a plus

Self-starter and a critical thinker

Proactive, resourceful and able to think and act strategically and tactically

Able to multi-task and work independently under tight timelines

Strong oral and written communication skills

Strong stakeholder management skills

Culturally sensitive

Responsibilities
Operationalize the Technology and Third Party Risk management framework as a second line of defense across APAC branches. This includes designing KRIs, monitoring risk trends, and ensuring regulatory compliance and operational resilience.