Tech and Security Governance Specialist

Trust is the first of a new breed of banks in Singapore – digitally native and focused on delivering a delightful customer experience.  You will work in a fast-paced and collaborative environment to solve new and interesting challenges each day. Together with our Trust team, you will help shape the future of our bank.  

As a Tech and Security Governance Specialist, you will acquire new ways of working and be involved in solving interesting challenges, building innovative, industry-leading products and digital journeys for our customers and managing risks intelligently.  Professionally, you will have the opportunity to work with cutting-edge cloud technologies, expand your security risk expertise in cloud and banking domains.

Job Description

The Tech and Security Governance Specialist functions within Line 1.5, bridging the gap between first-line operations and second-line risk management in our cloud-native banking environment. This role combines hands-on security expertise with risk management capabilities to provide risk oversight of the Bank’s Security posture while ensuring compliance with financial services regulations and cloud security frameworks.

Key Responsibilities:

• Develop, monitor and report on Key Control Indicators (KCIs) for critical security controls incl trend analysis reports on KCI performance and control effectiveness


• Track, assess and report on the impact of emerging security regulations and risk advisories on emerging threats and control implications.


• Conduct comprehensive technology risk assessments for cloud platforms and banking applications


• Design and implement control testing methodologies for cloud environments


• Perform regular control effectiveness assessments and validation


• Develop and maintain risk and control matrices mapping to regulatory requirements


• Lead control remediation efforts and track closure of identified gaps


• Guide implementation of controls to meet the financial and cloud-specific regulatory requirements.


• Support external, internal and regulatory examinations and audits


• Report on security risks to senior management and risk committees


• Prepare and deliver monthly security posture updates to the Technology and Information and Cyber Risk committee.

Key Relationships:

• Reports to: Head of Technology Risk


• Strategic Partnership: CISO (consultative relationship for security strategy alignment)


• Other Key Stakeholders: 
  
  
  
  • First Line: Cloud Engineering, DevOps Teams
  
  
  • Second Line: Risk Management, Compliance Teams
  
  
  • Regulators, Internal and External Auditors
  
  
  
  

Required Qualifications

Experience

• 8+ years of information security experience, with 5+ years in banking/financial services


• Proven experience in cloud security and GRC within regulated environments

Technical & Analytical Skills

• Must possess at least one of following certifications - CISSP, CISA, CISM, CRISC, GIAC.


• Experience in developing and tracking Key Control Indicators (KCIs)


• Ability to create clear, actionable risk assessment reports


• Strong data analytics skills for control performance monitoring


• Expertise in security metrics and dashboard development


• Understanding of cloud security (AWS, Azure, GCP)


• Knowledge of container security and microservices architecture


• Understanding of API security and banking integrations

Risk and Control Knowledge

• Expert knowledge of risk assessment methodologies and frameworks


• Deep understanding of control design and testing approaches


• Experience with control automation and continuous monitoring


• Proficiency in risk quantification and measurement techniques

Domain Knowledge

• Strong understanding of banking regulations and compliance requirements


• Good understanding of the payment card industry and Swift Customer Security Controls Framework requirements.

Soft Skills

• Ability to communicate effectively to regulators and auditors


• Strong stakeholder management across technical and business teams


• Experience in navigating regulatory and external examinations


• Excellent documentation and reporting skills