
As Singapore’s longest established bank, we have been dedicated to enabling individuals and businesses to achieve their aspirations since 1932. How? By taking the time to truly understand people. From there, we provide support, services, solutions, and career paths that meet their individual needs and desires.
Today, we’re on a journey of transformation, leveraging technology and creativity to become a future-ready learning organisation. But for all that change, our strategic ambition remains clear and bold: to be Asia’s leading financial services partner for a sustainable future.
We invite you to build the bank of the future. Innovate the way we deliver financial services. Work in friendly, supportive teams. Build lasting value in your community. Help people grow their assets, business, and investments. Take your learning as far as you can. Or simply enjoy a vibrant, future-ready career.
Your Opportunity Starts Here.
This position reports into and supports the Head of Information Security and Digital Risk Management (ISDRM). As part of the second line under the Three Lines Model, ISDRM is responsible for establishing, maintaining and enhancing governance and oversight of the Bank’s technology, information, and cyber risk domains.
Job Responsibilities
Support the implementation and ongoing enhancement of the Bank’s technology, information and cyber risk management framework, in collaboration with relevant stakeholders including Group counterparts, technology teams, business and support units, and other risk management functions.
Formulate, review and update the risk management framework, policies and guidelines, ensuring alignment with applicable Group standards, supervisory expectations, and industry best practices.
Act as secretariat for ISDRM-related risk management committee and working groups, and represent ISDRM in relevant Group and local risk governance meetings and forums as required.
Assist in the preparation and delivery of regular risk reports, analyses and metrics (e.g. KRIs) to the Board and senior management, providing clear insights into the Bank’s overall risk posture.
Provide independent advice, support and effective challenge on technology, information and cyber risk domains associated with new products, major technology or Fintech initiatives, strategic digital transformation projects and third-party arrangements (e.g. cloud computing).
Conduct or participate in thematic reviews and compliance assessments related to emerging risks (e.g. AI-enabled attacks) and regulatory requirements (e.g. facilitation of the C-RAF Maturity Assessment and iCAST).
Monitor and perform independent review of specific aspects of first-line risk management activities, including risk assessment and acceptance, incident response, change management processes, and the implementation of key controls or remediation actions.
Collaborate with Group counterparts to plan and deliver risk awareness, training and testing programs to enhance staff awareness and vigilance across the Bank.
Drive and oversee the implementation of Bank-wide information risk mitigation initiatives, including enhancements to data loss prevention controls, application remote access controls, and the detection and management of system access misuse.
Support and coordinate internal and external audits, regulatory examinations and ongoing regulatory communications relating to technology, information and cyber risk domains.
Job Requirements
A university degree in Technology, Computer Science, Information Security, Business or a related discipline.
Relevant professional certifications (such as CISM, CISSP or CISA) under the Enhanced Competency Framework (ECF) on Cybersecurity for a second line of defence role are required.
A minimum of 5 years of relevant experience in information security, cyber / technology risk management or technology audit, gained within the financial services industry (FSI) or professional services firms serving FSI clients.
Candidates with less relevant experience will be considered for the rank of Manager.
Strong risk management mindset with a solid understanding of IT environments, evolving threat landscapes, and technology/information/cyber security controls, including relevant industry standards (e.g. ISO/IEC 27001) and regulatory guidelines (e.g. HKMA’s SPM TM-G-1, C-RAF).
Good communication and stakeholder management skills, with the ability to engage effectively with both technical and non-technical stakeholders at various levels, articulate complex risk issues clearly, and provide constructive challenge with practical and proportionate recommendations. Good command of both spoken and written English and Chinese.
Self-motivated, well-organized and able to work independently as well as collaboratively within a team environment.
Demonstrates sound judgement with the ability to prioritise issues, assess materiality, and escalate risk issues appropriately.
Experience in conducting risk assessments, threat modelling or audits will be an advantage.
Competitive base salary. A suite of holistic, flexible benefits to suit every lifestyle. Community initiatives. Industry-leading learning and professional development opportunities. Your wellbeing, growth and aspirations are every bit as cared for as the needs of our customers.

OCBC is the longest established Singapore bank, formed in 1932 from the merger of three local banks, the oldest of which was founded in 1912. It is now the second largest financial services group in Southeast Asia by assets and one of the world’s most highly-rated banks, with an Aa1 rating from Moody’s. Recognised for its financial strength and stability, OCBC is consistently ranked among the World’s Top 50 Safest Banks by Global Finance and has been named Best Managed Bank in Singapore by The Asian Banker.
OCBC and its subsidiaries offer a broad array of commercial banking, specialist financial and wealth management services, ranging from consumer, corporate, investment, private and transaction banking to treasury, insurance, asset management and stockbroking services.
OCBC’s key markets are Singapore, Malaysia, Indonesia and Greater China. It has more than 570 branches and representative offices in 19 countries and regions. These include about 300 branches and offices in Indonesia under subsidiary Bank OCBC NISP, and over 90 branches and offices in Mainland China, Hong Kong SAR and Macau SAR under OCBC Wing Hang.
OCBC’s private banking services are provided by its wholly-owned subsidiary Bank of Singapore, which operates on a unique open-architecture product platform to source best-in-class products to meet its clients’ goals.
OCBC's insurance subsidiary, Great Eastern Holdings, is the oldest and most established life insurance group in Singapore and Malaysia. Its asset management subsidiary, Lion Global Investors, is one of the largest private sector asset management companies in Southeast Asia.