Gravitas Recruitment Group (Global) Ltd Hiring! Full Time Technology Risk Management in - Ricebowl

Responsibilities

Technology Risk Governance & Framework

• Establish, implement, and continuously enhance the Technology Risk Management framework across infrastructure, applications, cloud, cybersecurity, and technology resilience.
• Define and operationalize risk appetite, key risk indicators (KRIs), and tolerance thresholds for all technology risk domains.
• Lead and support technology risk governance forums and committees, providing independent oversight and constructive challenge.

Independent Risk Oversight & Challenge

• Provide second-line independent review and challenge for technology and cybersecurity risks across the organization.
• Evaluate and challenge key decisions regarding:
• System architecture and design
• Cloud adoption and configurations
• Cybersecurity posture and controls
• Technology resilience and disaster recovery
• Escalate material risk exposures, control gaps, and risk appetite breaches to senior management and relevant committees.

Risk Advisory & Change Enablement

• Act as a strategic risk advisor to Technology, Product, and Business teams, ensuring early identification of risks during initiative lifecycles.
• Support embedding appropriate controls under secure-by-design principles.
• Provide forward-looking risk assessments for major transformation programs, digital initiatives, and new product launches.

Technology Risk Assessment & Monitoring

• Oversee and perform risk-based assessments across:
• IT infrastructure and platforms
• Application systems and SDLC processes
• Incident management
• Cloud environments (e.g., AWS)
• Cybersecurity controls and operations
• Develop and maintain continuous risk monitoring using data analytics and automation tools.
• Translate technical findings into business-relevant risk insights, including financial, operational, and reputational impacts.

Cybersecurity Risk Oversight

• Provide oversight and challenge across key cybersecurity domains, including:
• Identity and Access Management (IAM)
• Vulnerability and Patch Management
• Network Security and Threat Detection
• Data Protection and Data Loss Prevention (DLP)
• Incident Response and Crisis Management
• Assess control effectiveness against industry frameworks and standards (e.g., NIST, ISO 27001, CIS, MAS TRM Guidelines).

Issue & Remediation Governance

• Oversee the identification, tracking, and remediation of technology risk issues and control deficiencies.
• Ensure remediation plans are root-cause driven, sustainable, and timely.
• Perform independent validation of remediation actions, providing credible challenge where necessary.

Regulatory Compliance & Engagement

• Ensure alignment with applicable regulatory requirements and internal policies on technology and cybersecurity risk.
• Support interactions with regulators, auditors, and internal stakeholders, including preparing materials and responses on technology risk matters.

Emerging Risk & Innovation

• Identify and assess emerging technology risks, including:
• Cloud concentration risk
• Third-party and vendor risk
• AI / model risk
• Provide insights and recommendations to senior management on forward-looking risk trends and mitigation strategies.

Stakeholder Management & Reporting

• Engage and influence senior stakeholders, including CIO, CISO, Product Leads, and Business Heads.
• Prepare and present concise, risk-based reporting to senior management and relevant committees, including dashboards and key insights.

Requirements

• Experience with data analytics, automation tools, or scripting is advantageous.
• Familiarity with modern technology architectures (e.g., APIs, microservices, cloud-native environments) is beneficial.
• Flexible and willing to take on additional assignments as needed.
• Willing to travel up to 20% of the time.
• Bachelor’s degree in Information Technology, Information Systems, Computer Science, Cybersecurity, or related field.
• 8–12 years of relevant experience in Technology Risk, IT Audit, Cyber Risk, or related roles, preferably in financial services or regulated environments.
• Proven experience in a second-line risk management or oversight role is strongly preferred.
• Familiarity with regulatory frameworks (e.g., MAS TRM, ISO 27001, NIST) is advantageous.

Application:

• Apply to this job posting, and email your CV with the job title as the subject line to: *************