Lead/Head - Technology Risk Management
EISG | Singapore – Marina One
Eastspring Investments
Eastspring Investments, part of Prudential plc, is a global asset manager with Asia at its core, offering innovative investment solutions to meet the financial needs of clients. We create a culture in which diversity is celebrated and inclusion assured, for our colleagues, customers, and partners. We provide a platform for our people to do their best work and make an impact to the business, and in exchange, we support our people's career ambitions. We pledge to make Eastspring a place where you can Connect, Grow and Succeed.
ROLE
The primary responsibility is to build up the technology risk management team in the second line of defence, covering all 12 business locations of Eastspring, and to provide centralised second line oversight of the first line of defence technology teams in 9 domains, namely Policy and Standard Compliance, Information & Cyber Security, Data Privacy, IT Regulatory Compliance, Software/Platform Development, Infrastructure and Operations, Transformation & Projects, Third Party Management, Data Governance and AI Ethics.
PURPOSE
- Provide assurance and oversight on information and technology risks that might pose a threat to the business.
- Provide risk management with objective analysis, detailed observations and recommendations relating to key information and technology risk areas to mitigate the spectrum of risks relating to the achievement of the business operations.
- Provide oversight and assurance that processes, tools, and technologies are operating effectively to mitigate risks to information and technology assets.
- Monitor and review the effectiveness of implementation of information technology, security and data protection standards, policies, and procedures to ensure compliance with regulatory, Group, and location specific policy requirements
- Support operational functions as required to manage risks to information and technology assets appropriately
- Provide independent, objective assurance that information and technology risks are being managed to ensure they are within the risk appetite approved by the Board.
- Work closely with the Prudential Group Technology Risk Management team to roll out and ensure the effective implementation of information and technology risk frameworks, policies, processes, and other initiatives
KEY ACCOUNTABILITIES
- Ensure the Technology Risk Management requirements are successfully implemented within each Eastspring business unit
- Provide technical and best practice guidance on technology risk taking into account specific platform and regional complexities and issues to all Eastspring business units
- Co-chair the Eastspring IT Risk Forum covering all IT Risk topics across all Eastspring business units
- Support the Head of ERM in ensuring periodic reporting of information and technology risk matters to risk committee both on the Eastspring location level and on the Eastspring Group level
- Work closely with the operational risk management (“ORM”) team in executing the information and technology risk oversight related activities in line with the risk framework across the locations
- Ensure the formation, management and maintenance of the information and technology risk appetite and key risk metrics for management oversight and the successful rollout within the business in each location
- Proactively monitor the risk registers across locations and escalate any potential risk area for Eastspring Group level risk reporting
- Review the risk register to ensure the risk rating, treatment plan and target completion date are able to reduce/mitigate the risk on a reasonable basis
- Promote a risk culture to stakeholders across all Eastspring locations in managing information and technology risk
-------------------------
EXPERIENCE / QUALIFICATIONS
- Bachelor's or Master's degree in Information Technology, Computer Science, or a related field
- Proven leadership and management experience, with the ability to guide and motivate a team effectively
- Excellent analytical and problem-solving skills, with a keen eye for detail
- Excellent communication and presentation abilities, with the capability to convey complex technical concepts to non-technical stakeholders
- Strong experience in technology risk management covering at least 5 of the areas of Information & Cyber Security, Data Privacy, IT Regulatory Compliance, Software/Platform Development, Infrastructure and Operations, Transformation & Projects, Third Party Management, Data Governance and AI Ethics, with significant understanding of cybersecurity principles, and data privacy, IT infrastructure, applications, and technology-related regulations and standards.
- Experience in identifying, managing and reporting risk and controls in at least three or more of the following areas:
  - IT infrastructure management (e.g. network, platforms such as IBM, Unix, Windows, middleware, and databases)
  - IT operations (e.g. data centre management, backup, batch processing, incident, and problem management)
  - Application and interface security
  - Application development and change management (SDLC)
  - IT project management/delivery
  - Third party risk management
  - IT Service Management
  - Identity and access management (including familiarity with tools such as SailPoint and CyberArk)
  - Cybersecurity (e.g. NIST framework, security tools, security operations)
- Added advantage if candidates have experience in identifying, managing and reporting technology risks and controls in at least one or more of the following areas:
  - Cloud (PaaS, IaaS, and SaaS)
  - DevOps and/or DevSecOps
  - API management
  - Robotics process automation
  - Artificial intelligence
  - Data governance
  - Agile development
  - Mobile device management (including containerization)
  - Mobile application development
- Familiarity with industry frameworks and methodologies for technology risk management, such as NIST Cybersecurity Framework, ISO 27001, and COBIT
- Has relevant technical certification such as Technology Risk Management, Technology Audit, IT Management, Cybersecurity, Cloud, Software Engineering or Project Management (examples of certifications below)
  - Risk Management: CRISC
  - Audit: CISA
  - IT Service Management: ITIL Foundation, PRINCE2, PMP
  - IT Architecture/Cloud/Network: Microsoft Certified Azure Solution Architecture Expert, (ISC)2 CCSK, CompTIA Cloud Essentials
  - IT/Info Security: CISSP, CISM, CompTIA Security
  - Software and Application Development: DevOps Engineer Professional, Google DevOps Engineer, Microsoft Specialist
- Has industry experience (in order of priority) in Financial Services, Consultancy (Technical Advisory, Technology Risk Management, Internal IT audit services) and/or Technology companies (e.g. Digital Fintech, Digital banks, etc.)
- Has a good industry network to stay informed on developments in a fast-moving IT landscape
Eastspring is an equal opportunity employer. We provide equality of opportunity of benefits for all who apply and who perform work for our organisation irrespective of sex, race, age, ethnic origin, educational, social and cultural background, marital status, pregnancy and maternity, religion or belief, disability or part-time / fixed-term work, or any other status protected by applicable law. We encourage the same standards from our recruitment and third-party suppliers taking into account the context of grade, job and location. We also allow for reasonable adjustments to support people with individual physical or mental health requirements.