IT Risk & Control Lead

ING Wholesale Banking in Singapore 

Job Overview

The IT Risk & Control Lead plays a pivotal role in the review and assessment of various IT Minimum & Control Standards used to control the risk level of IT within the bank and ensuring that the IT Risk stays within the level accepted by the bank. The candidate will perform GAP analysis between Minimum/ Control Standards and the actual state of the IT environment including the expected evidences to comply with the Standards.  The candidate will also advise and support the IT Custodians of business application in the remediation process and ensure that the end state complies with the IT risk and control minimum standards.

Job Responsibilities

• Team lead for IT Risk & Control Analysts
• Managerial activities to support offshore team members.
• Review IT minimum standards and control objectives for IT minimum standards in the areas of IT Risk Management, IT Service Configuration Management, Identity and Access Management, Platform Security, IT Resilience, Change Management, Security Detection & Response, Vulnerability Management and Cyber Security
• Perform gap analysis and document proposals for remediation. Initiate and ensure remediation by IT Custodians. Support and advise IT Custodians in the remediation process.  IT Custodians can be on-shore or off-shore outside Singapore
• Gather evidences for compliance of the IT Minimum/ Control standards at IT Assets Level and at Entity Level, perform a quality check of the gathered evidences against the approved Quality Criteria and submit the evidences into the IT Risk Control and Measurement tool
• Develop and Communicate the Strategy and Plan on how to achieve the Quarterly IT Risk Opinion to IT Custodians on regular basis
• Assist in testing and implementation of Key Risk Indicators (KRIs) which will be used as a point of reporting in the IT Risk Opinion Report
• Monitor KRIs regularly to track changes in risk levels and assess KRI effectiveness
• Take the lead in updating the quarterly IT Risk Opinion Report with the team, and ensure that local CIO and IT Custodians are aligned with the IT Risk Opinion Report
• Be IT Risk Ambassador representing IT in all discussions pertaining to IT Risk Control and Measurement tool and process improvements and automations
• Collaborate with IT Process Lead to ensure that IT Process related procedures impacting IT Risks are updated to ensure compliance to IT minimum/ Control standards in mentioned areas
• Oversee and report on progress of the review, gap analysis and remediation of IT controls to management

What we're looking for:

• At least 5 years in IT risk and control area (financial sector is a plus), IT security experience is a plus
• High technical education or an equivalent combination of education and experience
• Comprehensive knowledge and experience in risk mgmt. including knowledge on enterprise-level IT processes and controls
• Knowledge of security frameworks like ISO/BS and COBIT is a plus
• Middle level experience in Excel (pivot tables, reports, basic macro skills)
• Knowledge of ITIL is a plus
• Good communication skills and good writing skills
• Self-directed and motivated
• Integrity, highly analytical mind and multi-tasking skills, with good follow-through
• Delivery oriented - used to meeting strict deadlines, while producing quality work