PR/097031 | ASSISTANT MANAGER - IT RISK AND CYBER SECURITY GOVERNANCE

My client is a well‑established Japanese financial institution with a strong presence in trust banking and related financial services. The organisation operates in a highly regulated environment and places strong emphasis on sound governance, technology risk management, and information security controls. With close coordination between local operations and head office, the bank maintains a structured, audit‑ready control environment to meet regulatory and supervisory expectations across its jurisdictions.

• Provide structured support in the execution of Technology Risk Management activities in alignment with MAS Technology Risk Management (TRM) Guidelines and internal head office policies.

• Assist in maintaining a mature, well‑governed IT control environment through disciplined processes, documentation, and adherence to established operating frameworks.

• Support second‑line oversight activities across technology risk and information security, ensuring consistent application of governance practices.

• Contribute to the maintenance and review of technology and information security policies, procedures, and standards to ensure they remain current, accurate, and audit‑ready.

• Perform policy, procedure, and control reviews and support gap analysis against applicable regulatory and internal requirements.

• Develop and maintain a working understanding of MAS regulations, notices, guidelines, and circulars relevant to technology risk and cybersecurity.

• Assist in performing gap assessments against regulatory requirements and tracking remediation actions to closure.

• Support internal and external audits, regulatory examinations, and inspections by preparing documentation, evidence, and management responses.

• Coordinate with head office technology risk and cybersecurity teams on regulatory assessments, reviews, and compliance initiatives.

• Support the operation and maintenance of the Technology Risk Framework, including technology risk registers, critical system assessments, and business continuity planning activities.

• Assist in technology risk assessments, control reviews, and remediation tracking across IT and outsourced service providers.

• Monitor selected IT and security controls (e.g. patching, vulnerability notices, access management, segregation of duties) and support escalation where required.

• Contribute to management and committee reporting related to technology risk, cybersecurity posture, and regulatory compliance.

• Support vendor and outsourcing governance activities in accordance with MAS Outsourcing Guidelines.

• Assist with due diligence reviews, contract and SLA monitoring, and periodic vendor assessments.

• Review and validate technology risk and control responses provided by IT vendors and third‑party service providers, including outsourced arrangements managed by non‑IT functions.

• Work closely with internal IT teams, business stakeholders, and head office counterparts to support risk assessments, system changes, and governance initiatives.

• Support cybersecurity awareness activities and management‑level exercises, including tabletop or scenario‑based discussions.

• Perform other technology risk and cybersecurity‑related duties as assigned, under guidance from senior team members.

• Diploma or Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, Engineering, or a related discipline.

• Professional certifications such as CISA, CISM, CISSP, CRISC, or equivalent are advantageous.

• 1–3 years of relevant experience in Technology Risk Management, IT Risk, IT Audit, Cybersecurity Governance, or related functions within banking or a regulated industry.

• Foundational understanding of regulatory IT risk and security frameworks such as MAS TRM, NIST CSF, ISO 27001, SOC 2, or equivalent.

• Basic technical knowledge across networks, operating systems, access controls, and security controls sufficient to support risk and control assessments.

• Experience supporting or participating in audits, regulatory inspections, or compliance activities is preferred.

Jaspreet Kaur Sran (R22109724)
JAC Recruitment Pte. Ltd (90C3026)
#LI-JACSG