Tech Risk Supervisor

What The Role Is

The Monetary Authority of Singapore (MAS) is Singapore’s central bank and integrated financial regulator.

As central bank, MAS promotes sustained, non-inflationary economic growth through the conduct of monetary policy and close macroeconomic surveillance and analysis. It manages Singapore’s exchange rate, official foreign reserves, and liquidity in the banking sector.

As an integrated financial supervisor, MAS fosters a sound financial services sector through its prudential oversight of all financial institutions in Singapore – banks, insurers, capital market intermediaries, financial advisors, and stock exchanges. It is also responsible for well-functioning financial markets, sound conduct, and investor education.

MAS also works with the financial industry to promote Singapore as a dynamic international financial centre. It facilitates the development of infrastructure, adoption of technology, and upgrading of skills in the financial industry.

Join us now, if you have a genuine interest in making an impact to help shape Singapore’s economic and financial landscape

What You Will Be Working On

You will be part of a team of experienced technology and cyber risk management professionals tasked to supervise some of the most important and largest local and foreign bank as well as digital banks in Singapore on their IT implementation and their management of technology risk management and cyber security. You will closely oversee and assess the adequacy of the banks’ technology risk management and cyber security plans and programmes, take supervisory actions on lapses, direct the banks on actions needed and advise MAS lead supervising departments as well as senior management on your professional assessments.

Key Responsibilities Include

• Onsite and offsite inspections of banks and other financial institutions (including Domestic Systematically Important Banks, Critical Information Infrastructure Owners/Operators and global banks) on thematic control areas, such as privileged access management, network/system resilience, cyber security measures, Secure Development Lifecycle (SDLC), IT service management, change management, disaster recovery, incident/problem management, operational processes, IT third party risk management and IT governance (e.g. Three-Lines of Defence model)
• Assessment of adequacy of Technology Risk Management (including cyber security) as part of MAS CRAFT process, with a comprehensive review / benchmarking of all technology and cyber risk control areas and provide professional opinion on risk rating, supervisory messages and directions to the banks
• Oversee FIs’ management of IT and cyber incidents, including timely response & recovery, adequate root cause analysis, disaster recovery, business continuity management, public communications and subsequent remediations of control gaps
• Assess banks’ breaches of MAS regulations, recommendation on supervisory actions, issuance of directions to banks on actions needed, monitoring and assessment of banks’ progress. Conduct Boardroom conversations with banks’ Board and Senior Management, closely and regularly engage banks’ IT/security/risk management leadership on IT governance, technology and cyber risk management and compliance matters, and deep dive with banks’ IT professionals and auditors on IT/security architecture, implementation and operations matters
• Research on emerging technology and cyber risk issues as manifested/forecasted in the banks within the team’s portfolio or as assigned, formulate an assessment and supervisory response, presentation of findings and seek approval of recommendations, and manage issues / implement solutions / issue guidance to banks
• Support Team, Division, Department, Group and MAS roles and duties such as meetings secretariat, management reports, response to public & parliamentary queries, FI incident reporting, escalation to management and MAS crisis management.
  
  
  

What We Are Looking For

• Candidate should have the aptitude and strong interest in IT/cybersecurity audit
• Candidates with relevant working experience (including in related technology risk and cyber security areas) can be considered for more senior positions
• Candidate should have excellent written and spoken communication skills that emphasizes clarity/readability, robust logic and precision
• Candidate should be a team player, be able to support & complement team members and work across organisational lines
• Candidate should be a self-starter, methodical in task execution and meticulous in task deliverables, with key project management skills that include working with limited resources & tight timelines, innovative problem solving and excellent stakeholder management
  
  
  

As part of the shortlisting process for this role, you may be required to complete a medical declaration and/or undergo further assessment.

All applicants will be notified on whether they are shortlisted or not within 4 weeks of the closing date of this job posting.