Tech and Security Governance Specialist

Trust is the first of a new breed of banks in Singapore – digitally native and focused on delivering a delightful customer experience.  You will work in a fast-paced and collaborative environment to solve new and interesting challenges each day. Together with our Trust team, you will help shape the future of our bank.  

As a Tech and Security Governance Specialist, you will acquire new ways of working and be involved in solving interesting challenges, building innovative, industry-leading products and digital journeys for our customers and managing risks intelligently.  Professionally, you will have the opportunity to work with cutting-edge cloud technologies, expand your security risk expertise in cloud and banking domains.

Job Description

The Tech and Security Governance Specialist functions within Line 1.5, bridging the gap between first-line operations and second-line risk management in our cloud-native banking environment. This role combines hands-on security expertise with risk management capabilities to provide risk oversight of the Bank’s Security posture while ensuring compliance with financial services regulations and cloud security frameworks.

Key Responsibilities:

• Develop, monitor and report on Key Control Indicators (KCIs) for critical security controls incl trend analysis reports on KCI performance and control effectiveness
• Track, assess and report on the impact of emerging security regulations and risk advisories on emerging threats and control implications.
• Conduct comprehensive technology risk assessments for cloud platforms and banking applications
• Design and implement control testing methodologies for cloud environments
• Perform regular control effectiveness assessments and validation
• Develop and maintain risk and control matrices mapping to regulatory requirements
• Lead control remediation efforts and track closure of identified gaps
• Guide implementation of controls to meet the financial and cloud-specific regulatory requirements.
• Support external, internal and regulatory examinations and audits
• Report on security risks to senior management and risk committees
• Prepare and deliver monthly security posture updates to the Technology and Information and Cyber Risk committee.

Key Relationships:

• Reports to: Head of Technology Risk
• Strategic Partnership: CISO (consultative relationship for security strategy alignment)
• Other Key Stakeholders: 
  • First Line: Cloud Engineering, DevOps Teams
  • Second Line: Risk Management, Compliance Teams
  • Regulators, Internal and External Auditors

Required Qualifications

Experience

• 8+ years of information security experience, with 5+ years in banking/financial services
• Proven experience in cloud security and GRC within regulated environments

Technical & Analytical Skills

• Must possess at least one of following certifications - CISSP, CISA, CISM, CRISC, GIAC.
• Experience in developing and tracking Key Control Indicators (KCIs)
• Ability to create clear, actionable risk assessment reports
• Strong data analytics skills for control performance monitoring
• Expertise in security metrics and dashboard development
• Understanding of cloud security (AWS, Azure, GCP)
• Knowledge of container security and microservices architecture
• Understanding of API security and banking integrations

Risk and Control Knowledge

• Expert knowledge of risk assessment methodologies and frameworks
• Deep understanding of control design and testing approaches
• Experience with control automation and continuous monitoring
• Proficiency in risk quantification and measurement techniques

Domain Knowledge

• Strong understanding of banking regulations and compliance requirements
• Good understanding of the payment card industry and Swift Customer Security Controls Framework requirements.

Soft Skills

• Ability to communicate effectively to regulators and auditors
• Strong stakeholder management across technical and business teams
• Experience in navigating regulatory and external examinations
• Excellent documentation and reporting skills