Vice President - Cyber & Technology Risk Controls

Job Summary

The successful candidate will lead IT Controls (Tec & Cyber Controls) team in the ONT - Operations (OPS) & Technology (TEC) Group’s Control & Validation (C&V) Function. ONT Control & Validation Function comprises three teams: IT Controls, OPS Controls, and ONT Validation.

The IT Controls function plays a crucial role in review and assessment of IT Risks and Controls, ensuring compliance, good risk posture, facilitating audits as well as monitoring reporting and improving effectiveness of IT (Tec & Cyber) Controls.

Job Responsibilities

Reporting to Head, Control & Validation, with the following primary responsibilities:

Technology Risk Management

• SGX’s Technology Risk Register is regularly reviewed in accordance with Enterprise Risk Management guidelines and aligned to board level key risks identified by the management.


• Facilitate annual Risk Self-Assessment reviews for Technology Risks and identify any new Technology Risks that is applicable to SGX resulting from internal or external changes in our environment, operations and regulatory directions.


• Facilitates and perform Control Self-Assessments for Technology Risk


• Monitor and reports on SGX’s Technology Risk Indicators to management. Design and implement accurate and actionable dashboard to improve visibility of Technology Risk to management. 

Governance of IT Policies, Standards, Procedure and Guidelines

• Oversee the overall governance of IT Documentation and Control to ensure timely review of such documents aligned to applicable regulations SGX is operating under.

Audit and Regulatory Compliance

• Design and implement processes to ensure compliance and continued compliance to regulatory requirements, including but not limited to regulations, notices, circular from the regulatory bodies that SGX operates under.


• Liaise with internal and external auditor and regulators for audit field work and tracking the compliance and remediation from any audit findings.


• Design and implement program to ensure continued compliance to regulatory requirements.

Risk Culture and Cybersecurity Awareness

• Design and implement programs to uplift the risk culture and cybersecurity awareness of SGX and its subsidiaries.

Subsidiaries IT Governance

• Provide advice and guidance on subsidiaries’ compliance to the Baseline IT policies and procedures. Assess subsidiaries in gap analysis and work with subsidiaries CISO function on exceptions or deviations handling process. Track any remediation action plans till completion.


• Work with subsidiaries CISO to ensure comprehensive identification and management of technology and cyber risks. Design improvement programs to uplift the cybersecurity hygiene and response readiness of subsidiaries.


• Conduct regular meetings with CISOs and/or CTOs of subsidiaries to operationalize these programs, including but not limited to, processes to address critical/high CVE (common vulnerability exposure), sharing of threat intel, tracking remediation of such vulnerabilities till closure, and optimization of vendor contracts if applicable.


• Ensure continued upkeep of subsidiaries technology risk posture and provide regular management reporting and updates on the status of subsidiaries IT Risk.

Job Requirements

• A good Degree with at least 8 years of relevant experience within financial institutions in the areas of Banking & Finance/ Risk Management/ Cybersecurity/ IT auditing/ Technology Governance and Data Analytics.


• At least 8 years’ work experience, with exposure and working knowledge in the areas of IT security policies, IT Risk management Framework, Audit and Compliance to regulatory requirements, Management reporting, Business Continuity Management, Vendor due diligence, including Cloud deployment risk assessments.


• Relevant or equivalent certification such as CRISC, CISM, CISA


• Solid understanding of Vulnerability Assessment, Penetration Testing, Data Loss Prevention, Shadow IT Management etc. will be desirable.


• Proficient in Cybersecurity Risk Management Frameworks or standards (such as NIST, ISO27000, CIS) and experience in regulatory requirements such as IOSCO, MAS TRMG, CSA CCOP, GDPR and SEBI will be an advantage.


• Strong analytical and interview skills with experience in data analytics


• Experience in Archer, SAP, BI Tools (such as Tableau, Power BI, Qlikview, IDEA), Programming /Scripting Languages (such as SQL, Python, K) would be an advantage.

Essential Competencies

• Excellent stakeholder management skills – ability to communicate and influence at a level of senior management including C-suite level.


• Excellent written, verbal communication and presentation skills


• Self-driven, adaptable to change.


• Able to work independently, as well as a good team player.


• Able to manage vendors and outsourcing partners


• Willing to take a hands-on approach.


• Strong leadership and accountability for end-to-end ownership