Process Management (Risk & Compliance) - ED

As Singapore’s longest established bank, we have been dedicated to enabling individuals and businesses to achieve their aspirations since 1932. How? By taking the time to truly understand people. From there, we provide support, services, solutions, and career paths that meet their individual needs and desires.

 Today, we’re on a journey of transformation. Leveraging technology and creativity to become a future-ready learning organisation. But for all that change, our strategic ambition is consistently clear and bold, which is to be Asia’s leading financial services partner for a sustainable future.

 We invite you to build the bank of the future. Innovate the way we deliver financial services. Work in friendly, supportive teams. Build lasting value in your community. Help people grow their assets, business, and investments. Take your learning as far as you can. Or simply enjoy a vibrant, future-ready career.

Your Opportunity Starts Here.

Group Operations and Technology (O&T) provide IT and backroom support across the bank's business lines such as Group Consumer Financial Services, Group Corporate Banking, Global Treasury, Group Risk Management, Group Finance, and Group Human Resources.

In addition, Group O&T runs the bank’s regional processing centres and technology operations, drive for productivity gains and lower unit costs by instilling a quality culture, and leverage on the synergy from cross border processing hubs in Singapore, Malaysia and across the region.

The objective of Group O&T Risk & Prevention (R&P) is to establish a risk awareness and compliance culture that helps Group O&T to manage risks. In supporting O&T departments, Group Risk and Regulatory Compliance Unit as the Division Compliance Officer, Business Continuity Management Coordinator and Ops Risk management Coordinator, R&P undertakes the following responsibilities:

• Coordinate and facilitate the implementation of Operational Risk & Compliance policies, methodologies, and initiatives for proactive risk management by Group O&T.

• Monitor and uplift the Division's risk and compliance management performance through tracking of audit issues, compliance breaches and loss events.

• Provide independent review of risk assessments performed by O&T for new/changed processes to ensure integration of risk management to internal processes.

• Manage the audit engagement process, track, and ensure timely closure of issues.

Promote awareness of risk among O&T staff and educate them on methodologies and processes for risk management and compliance.

Role Description:

The candidate is expected to take a leadership role in ensuring that technology-related risks are proactively identified, assessed, and effectively mitigated. This includes leading collaboration efforts with technology teams and regional Risk & Prevention (R&P) functions across the OCBC Group to address technology risk challenges and to drive a strong risk culture within Group Operations & Technology (O&T).

The candidate will lead a small team responsible for end-to-end management of all technology-related audits across the bank. The role ensures strong audit-preparedness and high-quality coordination. The candidate is expected to provide expert advisory on technology controls, MAS and regulators expectations, and bank’s risk framework.

Duties & Responsibilities:

1. Support the Head, Technology Risk and Head, R&P in the overall effective and proactive management of technology risk and controls in Group O&T.

2. Act as a liaison party for technology audits (internal, external and reviews) to support stakeholders in, as well as tracking, reporting and root causes are addressed.

3. Work closely with stakeholders to:

a. perform infrastructure (operating systems, middleware, databases, network), applications, operations risk, and control assessments to ensure that systems’ configurations, processes, and operations, with the objective of:

• Identify, assess, treat, mitigate and articulate the risk in both technical and business context to the stakeholders.

• Assessing compliance to the bank’s standards and policies, as well as statutory and regulatory requirements.

4. Key representative for Technology team in risk-related committees and forums

5. Collaborate with O&T teams across entities locally and in the region to assess risk profiles, identify potential areas of lapses, or non-compliance and develop risk mitigation strategies for sustained controls.

6. Design and implement automated audit risk monitoring and reporting that provides alerts and dashboards to help management and stakeholders make informed decision.

7. Develop and deliver training and awareness programs to educate stakeholders emerging trends in risk.

8. Provide advice, objective review and challenge to risk issues/ process changes identified by stakeholders to ensure technology-related operational risk identified is assessed adequately, and appropriate controls are in place to mitigate the risks.

9. Continuously uplift our risk standards as the custodian of the ITMP.

Open to change as the team continually adopts to strategy to meet evolving regulatory and controls landscape. Good understanding of regulatory requirements, such as MAS Technology Risk Management, Outsourcing and Notice 644, 655, etc. Understanding of regional regulatory requirements is a plus. Experience with performing IT risk and control assessments (including RCSA) and managing audits (internal and external) as well as regulatory inspections. Good understanding and experience (preferred) of DevOps, SRE, Agile methodologies and experience with CI/CD approach and tools. Hands-on experience in the following infrastructure technology, would be desirable:

• Servers Platform

• Middleware technologies

• Microservices

• Virtualization

• Network

• Security

• Database

Experience in developing and implementing dashboards/ data visualization, heatmap presentation of metrices. (desirable)

Academic:

Minimally, a university degree in technology (or technology-related discipline) with at least 15 years of experience in audit/ IT security/ risk management. Practitioner and holder of IT risk certification, such as CISSP, CISA, or CRISC or other IT/IT security related certifications would be advantageous.

Core Competencies:

Successful candidates should have a strong background in technology risk management, as well as hands-on experience in technology domains or audit/compliance. They are driven, self-motivated individuals that demonstrates initiative and results oriented. Forward-thinking and interested in keeping up to date with developments and best practices in risk management, analytics and automation, the candidate should be hands-on, have good analytical skills, attention to details and have excellent communication and collaboration skills, as well as strong ability to lead, manage stakeholders (internal and external), adopt and work effectively in a dynamic, fast-paced, demanding environment.

Competitive base salary. A suite of holistic, flexible benefits to suit every lifestyle. Community initiatives. Industry-leading learning and professional development opportunities. Your wellbeing, growth and aspirations are every bit as cared for as the needs of our customers.