Job Description

The Assistant Manager/Manager, Third Party & Technology Risk is responsible for providing second line of defence (2LoD) oversight and challenge over technology risk and third‑party arrangements. The role ensures third‑party and technology risks are consistently identified, assessed, challenged, monitored, and escalated, in line with internal policies, risk appetite, and regulatory expectations.

Key Responsibilities

1. Third‑Party Risk Oversight

• Provide 2LoD review and challenge over third‑party risk assessments. Assess inherent and residual risk, adequacy of controls, and quality of risk conclusions.
• Advise business and contract owners on risk scoping, applicability, exemptions, and re‑assessment triggers, including non‑traditional third‑party arrangements.
• Ensure alignment with regulatory requirements such as MAS circulars on management of third party arrangements.

2. Technology Risk Management & Due Diligence (2LoD)

• Provide independent oversight and challenge of technology risk due diligence
• Review key technology risk domains, including:
  • Information security and cyber risk
  • Identity, access, and privileged access management
  • Vulnerability, patching, and security testing
  • Incident management and notification readiness
  • IT resilience, BCM, and recoverability
  • SDLC, change, migration, and cutover risks
• Challenge unsupported risk acceptances, weak compensating controls, and control assumptions lacking evidence.

3. Project, Change, and Transformation Oversight

• Provide 2LoD technology risk oversight for material projects, system implementations, migrations, and decommissioning activities. Escalate material risks where residual exposure is inconsistent with risk appetite.

4. Monitoring, Issues, and Escalation

• Oversee ongoing monitoring of third‑party and technology risks
• Review and challenge risk issues, deviations, and time‑bound risk acceptances.
• Identify themes, systemic weaknesses and key risk indicators for escalation to management and risk committees.

5. Incidents

• Provide 2LoD oversight of technology and third‑party incidents, ensuring root causes and corrective actions address underlying control gaps.

6. Governance, Advisory, and Continuous Improvement

• Act as a trusted risk advisor and effective challenger to other business units, IT, Compliance, Legal, Procurement, and Risk teams.
• Contribute to the enhancement of technology risk and third‑party risk policies, standards, guidance, and reporting.
• Support audits, regulatory reviews, and senior management queries relating to technology and third‑party risk.

Qualifications:

• Degree in Information Technology, Information systems, Accountancy or Business Administration or a recognised professional qualification.
• 6–10 years’ experience in technology risk, third‑party risk or IT audit. Prior experience in financial institutions and/or a 2LoD oversight or challenge role will be preferred.
• Strong understanding of technology, cyber, and third‑party risk management.
• Ability to engage senior stakeholders while maintaining independent risk judgement.
• Analytical and structured with excellent communications skills.
• Strong project management and facilitation skill.