Assistant Manager, Technology Risk Advisor

  • Job category
    Information Technology
  • Job level
  • Contract type
    Permanent, Full Time
  • Location
  • Salary
    S$5000 - S$8500

Job Description

You will be part of the Technology Risk Advisory (TRA) team under the Information Technology Risk & Security (ITRS) department of Income. The TRA section is responsible for the strategy and oversight of Technology Risk Management (TRM) compliance tasks and projects, ensuring TRM controls and measures are implemented in a timely and cost-effective manner in support of Income’s lines of business.


  • Work under the supervision and guidance of the Technology & Cyber Risk Manager to identify, assess, manage, monitor and report on technology risks and controls
  • Perform due diligence on third-party vendors and services, assess their residual risk and update the risk register
  • Work with business units to determine the controls necessary to remediate identified risks and vulnerabilities; negotiate dates for remediation to be completed and report on progress
  • Identify opportunities for improvement in control effectiveness and efficiencies from people, process and technology perspectives
  • Conduct compliance audits on major technology and outsourcing providers
  • Conduct routine risk monitoring activities on emerging cyber threats and risk management trends, issues and alerts
  • Assist in the development of appropriate information security policies, standards, procedures, checklists, and guidelines to meet the regulatory and organization requirements
  • Assess policy deviation requests and identify recurring trends that point to hidden problems, for policy refinement
  • Enforce adherence to requirements of MAS Technology Risk Management (TRM) Guidelines, MAS Notices on Cyber Hygiene and Income’s Technology Risk Policy and Standards
  • Provide security consultation to project teams and other departments on information security related matters

Qualifications - External

  • Degree holder in Information Technology, Info Systems, Computer Science or equivalent
  • CISA, CRISC, CISM, CISSP certifications
  • 5 or more years in the Information Security field, with at least 2 years in IT risk management
  • Experience with RCSA process of risk management
  • Familiar with Due Diligence and Outsourcing processes
  • Insurance domain knowledge will be an advantage
  • Knowledge of common IT technologies (cloud, OS, databases, network, applications)
  • Familiarity with international standards and best practices such as ISO 27001, ISO 31000, NIST, etc.
  • Strong communication skills to interact with technical and non-technical colleagues
  • Good interpersonal, verbal and written communication skills

Closing on 31 Oct 2021
