Key Responsibilities:

• Develop, implement and maintain the framework (policies and procedures, templates) for Operational
Risk Management (“ORM”) and its underlying sub-risk types; and monitor the adequacy of the
framework. Examples of ORM sub-risk types include business resilience, technology, third party and
outsourcing, data governance, and new product
• Act as subject matter expert (SME) and advise on the implementation of the ORM framework including
risk assessments, due diligence assessments and policy dispensations
• Initiate and oversee risk and control activities such as business process mapping, risk and control
self-assessment (“RCSA”) and Business Continuity Management (“BCM”) testing
• Conduct risk assessments of technologies or processes where required, e.g. Business Impact Analysis
(“BIA”), third party and outsourcing due diligence, new product assessment, etc.
• Facilitate the risk acceptance process that evaluates risk and compensating controls, identify risk
owners and set conditions on risk acceptance and obtain approval for the same
• Work with the Organisation’s “Alpha Risk” team in implementing Fraud rules, using a combination of
best practices, AI and ML tools. Monitor changes to fraud landscape, industry (e.g. digital banking,
fintech and payment) practices and technologies; and enhance the fraud risk strategy to ensure the firm
implements adequate controls across FRM to address these changes
• Monitor new regulatory requirements, conduct gap analyses against new regulations/ guidelines and
the ORM framework, to ensure compliance
• Assign and communicate the responsibilities and authorities of relevant roles
• Participate in IT, information and cyber security incident responses and review related incident reports
submitted to regulators
• Develop and provide training for employees to promote risk awareness and ensure relevant
employees are trained on the policies for OR and its sub-risk types
• Define and propose risk management metrics (e.g. key risk indicator/ key control indicator) to monitor
the risk and control environment; and periodically report to the risk committees to support senior
management in risk oversight and governance
• Monitor that employees / personnel and service providers implement controls that achieve the ORM’s
objectives and are sustainable; including the appropriateness and effectiveness of processes for the
identification, management and control of OR risks
• Monitor and provide oversight on issues and remediations
• Identify and report high risk, emerging risk trends and key issues to risk committees
• Design, implement and maintain risk management tools
• Support internal and external audit/ assessment engagements

Job Requirements:

• Bachelor's degree in computer science/ engineering, information systems or related domains
• 10+ years of experience in either information security, risk management or audit and compliance in
technology and operational areas, preferably within the financial industry
• Familiar with technology and operational risk regulatory and legislative requirements (e.g. MAS Notice
644, Notice 655, TRM guidelines, Guidelines on Risk Management Practices, Business Continuity
Management Guidelines, Guidelines on Outsourcing, Cloud Advisory, Banking Secrecy Act, Cyber
Security Act and Personal Data Protection Act) and industry standards (e.g. ITIL, SANS, NIST, ISO
27001/2)
• Professional certification such as CISSP/ CISA/ CISM/ CRISC/ CDPSE will be an added advantage