About the Bank:
We are a growing regional digital bank group and are revolutionizing financial banking services across Southeast Asia. Our mission is to unlock big dreams and drive financial inclusion throughout the region. As a regional digital bank, we have the right foundation—data, technology, and trust—because we are Built With Heart. We believe that real impact starts with real people. If you're ready to Own The Mission and help us shape the future of digital banking, we invite you to join us.
About the Team:
You will join the dynamic Tech and Cyber Risk Governance team, operating as a vital second line of defence (2LoD) function. We are the dedicated guardians of GXS Bank's digital resilience, responsible for establishing, maintaining, and overseeing robust governance frameworks to effectively manage Technology, Cybersecurity, Business Continuity Management (BCM) and Third-Party Security Risk Management (TPSRM) across the Bank. Our team plays a pivotal role in identifying, assessing, mitigating, and monitoring these risks, particularly those introduced through our extensive third-party ecosystem. We collaborate extensively across Technology, Operations, Business Units, and other control functions to ensure the bank operates securely, complies with regulatory requirements, and confidently pursues its innovative goals. We champion a proactive risk culture and value deep expertise, critical thinking, and continuous improvement.
Key Responsibilities:
As a member of the Tech and Cyber Risk Governance team, you will play a key role in shaping and executing the Bank's strategy for managing technology and cyber risk. Your expertise is crucial for safeguarding the Bank's operational resilience, ensuring regulatory compliance, and enabling secure innovation.
Risk and Control Governance
Develop, implement, and maintain the Bank’s comprehensive technology and cyber risk, and BCM frameworks, policies, and standards, ensuring alignment with regulatory requirements (MAS TRM, BCM Guidelines & Outsourcing Guidelines) and best practices.
Drive adherence to these frameworks and standards across business and technology functions.
Oversee and perform formal risk assessments and manage the risk acceptance process according to Bank policies and risk appetite.
Technology and Operational Resilience
Lead complex technical security and operational resilience risk assessments of third parties (cloud, software vendors, etc.) throughout their lifecycle. Ensure third-party exit strategies and disaster recovery capabilities are tested and aligned with the Bank’s recovery time objectives (RTO).
Drive tech/cyber/BCM Key Risk Indicator (KRI) definition and reporting against the Bank’s risk appetite.
Track and manage key tech/cyber risks and issues, providing regular updates to management and committees.
Oversee the broader Third Party Risk Management (TPRM) process, ensuring Disaster Recovery (DR) and exit strategies are validated.
Third Party Resilience Assessment
Conduct in-depth technical validation of third-party security controls, architecture, and evidence, such as SOC reports, pen tests, and BCM/DR test results.
Plan, lead, and execute onsite technical security and operational resilience assessments at critical third-party locations.
Design and enhance technical assurance methodologies and procedures.
Explore and evaluate GenAI tools to improve assessment efficiency and depth.
Identify and document technical risks/gaps; collaborate on and track effective remediation plans.
Maintenance of Legal and Regulatory Obligations
Serve as the primary technical security and BCM SME for TPSRM and tech/cyber risk matters, providing pragmatic guidance.
Collaborate with stakeholders (Procurement, Legal, etc.) to embed security requirements into third-party contracts.
Manage tech/cyber/BCM regulatory obligations (esp. MAS), track compliance, and oversee the technical aspects of Business Impact Analysis (BIA).
Provide mentorship and uplift tech/cyber risk and resilience awareness Bank-wide.
Required Qualifications:
5+ years combined experience in banking or financial services, including proven experience in Disaster Recovery (DR) oversight and BCM governance.
Direct, hands-on TPSRM experience, including leading technical security assessments. Experienced in conducting Business Impact Analysis (BIA) and validating third-party DR sites.
Deep technical security expertise across multiple domains (Cloud, Network, AppSec, IAM, Data Security, Vuln. Mgmt, etc.).
Strong working knowledge of MAS regulations (TRM Guidelines, BCM Guidelines, Outsourcing Guidelines). Familiarity with BCM guidelines outside Singapore (e.g. MY BNM) is useful.
Familiarity with MAS Notices (e.g. 634, 626, 635, 658, FSM N05, FSM N06) and security frameworks (NIST CSF, ISO 27001/2, CIS).
Proven experience planning and conducting onsite vendor technical assessments.
Exceptional analytical, critical thinking, and problem-solving skills.
Strong stakeholder management, influencing, negotiation, and conflict resolution skills.
Bachelor’s degree in a relevant technical field (CompSci, InfoSec, Engineering) or equivalent work experience.
Professional certifications (CISSP, CISM, CISA, CRISC, CCSP, etc.).
GXS Bank Singapore, Singapore, SGP Office


