Singapore, Singapore
Technology Risk Professional
As Head of Technology Risk, I lead the bank’s Technology and Information and Cyber Security Risk (Line 1.5) function—driving the design, implementation, and continuous evolution of a forward-looking risk management framework that supports innovation while safeguarding the bank’s digital ecosystem. I lead a team of specialists that partners closely with senior management, the Board, and regulators to ensure technology risks are well-governed, intelligently managed, and proactively addressed. My mandate is to transform traditional risk practices into an adaptive, data-driven and AI-enabled ecosystem that enables the bank to scale securely and responsibly.

Key Responsibilities
• Set and steer enterprise technology risk strategy, shaping policies, frameworks, and controls to meet regulatory expectations and business priorities.
• Advise the Board and C-suite on emerging technology and operational risks, providing strategic insights and effective challenge.
• Build and lead the Technology Risk function, embedding a strong risk culture across all business units.
• Oversee independent risk assessments, scenario analyses, and control reviews to identify exposures and drive remediation at scale.
• Establish and monitor key risk indicators to provide clear, data-driven views of risk posture and control effectiveness.
• Lead incident governance and root-cause reviews to ensure timely response and sustainable risk mitigation.
• Partner with global risk teams and business leaders to deliver coordinated, enterprise-wide risk outcomes.
• Champion the shift towards intelligent, automated, and continuously adaptive risk management leveraging GenAI and advanced analytics.
- Serve as 1.5 Line of Defense for enterprise-wide technology risk and compliance, with oversight across digital banking infrastructure and cloud-native platforms.
- Lead the technology risk and compliance function, delivering control testing, monthly risk profiling, and risk issue remediation across infrastructure, application, and vendor domains.
- Spearhead the transformation of “build-the-bank” controls into resilient, automated “run-the-bank” operational safeguards that align with regulatory and business objectives.
- Advise engineering and IT leads on secure architecture design and technical control implementation, covering domains such as AWS IAM, workload segregation, cloud security posture management (CSPM), CI/CD pipelines, and containerized deployments.
- Collaborate on DevSecOps integration, enabling “shift-left” security practices, secure SDLC, and threat modeling within agile product delivery teams.
- Design and maintain the bank’s GRC frameworks and information security policies, mapped to MAS TRM Guidelines, ISO 27001, and NIST CSF.
- Appointed regulatory liaison officer, leading engagements and submissions to regulators (e.g., MAS), covering inspections, license applications, and incident disclosures.
- Act as key advisor to business and product owners on technology and cyber risk identification, assessment, and mitigation, including web/API/AppSec risks aligned with OWASP Top 10, zero-trust planning, and data protection controls.
- Champion a security-first culture by delivering targeted awareness campaigns, phishing simulations, and crisis response playbook exercises.
• Built and set up the Asia Pacific Technology Risk and Compliance Management business unit in Singapore head office.
• Supported IT Risk and Regulatory Compliance aspects of business localization projects for APAC and EMEA.
• Developed and implemented cybersecurity risk management policies and procedures globally.
• Developed, implemented, managed and operated the group’s global outsourcing process and operations.
• Developed and implemented policies and processes for Technology Risk Management and Compliance policies.
• Kicked off and initiated group-wide IT-SOX control assessment and re-design.
• Evaluated and re-designed group-wide cross-department governance, risk and compliance (GRC) strategy.
• Led the planning and implementation of group-wide GRC tool.
• Provided technology risk and compliance advice and support to global localisation projects based on local legislations and risk environment.
• Led a team and performed IT assurance procedures for general controls over logical access, change management processes and IT operations management processes.
• Led a team and performed IT assurance procedures for application functional controls for the domains of authorization rights, system calculation, system validation and cross-application interfacing.
• Performed compliance review on Technology Risk Management Guidelines issued by Monetary Association of Singapore.
• Led know-your-client interviews to understand the processes of the organization and their reliance on technology in the various processes.
• Performed analysis on application risks, controls and operational feasibilities for audit finding recommendations.
• Management of personal time cost and budgeting for engagement assigned to.
• Performed project analysis on audit documentary requirements.
• Development of audit strategy and test plan specific to client’s operations processes.
• Performance of process gap analysis and development of recommendations for IT implementation.
• Day-to-day client management.
• Experienced in the process analysis of the following industries: commercial and retail banking, insurance companies, manufacturing firms, telcos, education institutions and government agencies.
• Performed IT assurance procedures for general controls over logical access, change management processes and IT operations management processes.
• Performed IT assurance procedures for application functional controls for the domains of authorization rights, system calculation, system validation and cross-application interfacing.
• Performed compliance review on Technology Risk Management Guidelines issued by Monetary Association of Singapore.
• Led know-your-client interviews to understand the processes of the organization and their reliance on technology in the various processes.
• Performed analysis on application risks, controls and operational feasibilities for audit finding recommendations.
• Management of personal time cost and budgeting for engagement assigned to.
• Performed project analysis on audit documentary requirements.
• Development of audit strategy and test plan specific to client’s operations processes.
• Performance of process gap analysis and development of recommendations for IT implementation.
• Day-to-day client management.
• Experienced in the process analysis of the following industries: commercial and retail banking, insurance companies, manufacturing firms, telcos, education institutions and government agencies.