Assistant Manager, Technology Risk Analyst

  • Competitive
  • Singapore
  • Permanent, Full time
  • NTUC Income Insurance Co-operative Ltd
  • 2019-05-20


You will be part of the Technology & Cyber Risk (TCR) team under the Information Technology Risk & Security (ITRS) department of Income. The TCR section is responsible for the strategy and oversight of TRM compliance tasks and projects, ensuring that TRM controls and measures are implemented cost-effectively in support of Income's lines of business.

PRIMARY RESPONSIBILITIES


  • Understand and apply technology concepts, knowledge and skills to help ensure IT risks are appropriately identified, assessed, treated, monitored and reported
  • Work with business units to determine the appropriate controls necessary to remediate identified risks and vulnerabilities; and manage the risk mitigation plans
  • Ensure that identified risks are managed and tracked in accordance with Income's Risk Management framework
  • Validate the control design and operational effectiveness of the remediation plans using the RCSA process
  • Assess risks, evaluate for efficiencies and identify opportunities for improvement from people, process and technology perspectives
  • Maintain the list of systems being assessed to ensure compliance with the MAS Notice on Technology Risk Management through a risk-based approach
  • Identify new risk factors, key risk indicators (KRI) and metrics to be incorporated into the GRC system for monitoring of corrective actions, if any
  • Work with BUs and participating Fintechs on the IT Risk due diligence process via the Lite-TRM Playbook and IT Risk Checklists to ensure identified risk areas are validated and complete
  • Identify opportunities to enhance IT operational effectiveness
  • Provide consultancy advice on MAS Technology Risk Management (TRM) matters based on Income's Risk Management processes
  • Conduct periodic due diligence on outsourced IT vendors (and their sub-contractors) to ensure identified risks are assessed and captured in the Outsourcing Due Diligence risk register
  • Conduct regular outsourcing reviews and inspections of key IT service providers, and perform due diligence, including on-site visits, in line with Income's Outsourcing Policy
  • Provide advisory support for business units' outsourcing to ensure the necessary IT controls/processes are in place as part of the IT Risk Due Diligence process
  • Provide inputs on the evaluation of potential IT service providers for projects requiring IT Risk assessment to ensure compliance with MAS TRM Notice and Guidelines, and Income IT policies and standards
  • Maintain the IT Outsourcing register
  • Support internal and external technology related audits and follow up with key stakeholders to ensure issues are addressed in a timely manner with appropriate mitigation plans
  • Assist in the formulation of appropriate information security policies, standards, procedures, checklists, and guidelines to meet the regulatory and organization requirements
  • Be the subject matter expert on relevant MAS Regulations (TRM & Outsourcing Guidelines) and Income's risk processes to identify opportunities to enhance IT operational effectiveness
  • Contribute technology risk-related articles to raise awareness of common audit findings.


Qualifications
  • Degree holder in Information Technology, Info Systems, Computer Science or equivalent.
  • At least 7 years of relevant experience in IT Risk Management and IT GRC related functions. 5+ years of experience in technology risk management areas.
  • Professional Certifications - CISSP, CISA, CRISC, CGEIT certifications will be an advantage.
  • Good knowledge of a broad range of technology systems and infrastructure components (e.g. applications, operating systems, databases, networks) and related concepts such as cloud and DevOps
  • Good understanding of technology process and risk methodologies, industry standards such as ISO 27001, NIST, OWASP, Cloud Security, API and REST protocols and cyber defence technologies.
  • Good knowledge of IT Security and cyber defence, and familiarity with SDLC and Control Self-Assessment (RCSA) processes
  • Well versed in MAS regulations (e.g. TRM, Outsourcing) and ABS Guidelines.
  • Some FI or insurance domain experience will be an advantage.