
Technology & Cyber Security Risk Lead

Singapore

Trust is the first of a new breed of banks in Singapore – digitally native and focused on delivering a delightful customer experience.  You will work in a fast-paced and collaborative environment to solve new and interesting challenges each day. Together with our Trust team, you will help shape the future of our bank and be able to work on and solve many interesting challenges which we are facing, learn new ways of working, and help build delightful high-quality products for our customers.

As a Technology & Cyber Security Risk Lead, you will acquire new ways of working and be involved in solving a number of interesting challenges, building innovative, industry-leading products and digital journeys for our customers and managing risks intelligently through modern, data-driven, and automated risk management practices.

 

Job Description 

As part of the Second Line of Defence Risk Team in Trust, you will be reporting to and supporting the Chief Information and Cyber Security Risk Officer. You will have the opportunity to help build and engineer the future of Technology and cyber risk management practices, fit for purpose for an agile, cloud-native, DevSecOps-enabled digital bank. You will partner hands-on with engineering, product, and security teams to govern Technology and cyber risk management decisions along with the First Line of Defence, leveraging automation, continuous monitoring, and quantitative risk intelligence to enable business velocity with robust risk oversight.

 

The Role Responsibility: 

Strategic Risk Leadership

  • Lead the execution and continuous improvement of the Bank's second line of defence for technology and cyber risk, encompassing governance, policy, risk assessment, and awareness, with emphasis on automation, continuous monitoring, and risk-intelligent practices
  • Represent the Bank on internal and external risk committees providing independent risk expertise and challenge to executive decision-making
  • Partner with Head of Compliance to ensure regulatory compliance (MAS TRM, PDPA, CSA) for technology and cyber risk; manage privacy and regulatory risk related to cyber
  • Promote a healthy culture of risk compliance and exceptional judgement across the organization

Risk Engineering & Automation

  • Define risk management requirements and validate GRC platform implementation including workflows, treatment plans, attestations, dashboards, and automated control testing
  • Establish automated risk assessment and monitoring processes for new products, existing infrastructure, and emerging technologies including AI/ML, cloud-native architectures, third-party integrations, and software supply chain risks
  • Define requirements for regulatory compliance automation including obligation traceability matrices, attestation preparation (MAS TQ, KOR, SACH/SWIFT), and compliance-as-code validation
  • Establish data quality framework; validate data through independent testing using scripts (Python, SQL, APIs)
  • Design continuous risk monitoring capabilities with real-time dashboards, automated alerting, and predictive analytics

Continuous & Proactive Risk Monitoring

  • Implement continuous risk monitoring framework with real-time visibility, automated alerting, and continuous control testing.
  • Monitor and ensure risk posture aligns with appetite using data-driven dashboards and metrics; partner with First Line on risk appetite management
  • Review and challenge cloud security, DevSecOps controls, vulnerability prioritization, and attack surface monitoring
  • Validate identity and access controls; review incident response preparedness through tabletop exercises and post-incident analysis

Data-Driven Risk Assessments

  • Apply data-driven risk assessment to analyze Technology and Cyber risk through scenario testing and risk aggregation
  • Establish risk prioritization frameworks to optimize control investments and identify compound risks
  • Define risk metrics and reporting standards to support decision-making

DevSecOps & Cloud-Native Risk Practices

  • Partner with engineering teams to embed risk oversight into DevSecOps workflows, CI/CD pipeline security, infrastructure-as-code reviews, and shift-left security practices.
  • Coordinate security testing and resilience validation including adversarial attack simulations (AASE), penetration testing, chaos engineering, and DR/BC exercises
  • Review resilience testing results to ensure recovery capabilities, RTO/RPO compliance, and failover mechanisms meet requirements

Regulatory Compliance & Assurance

  • Coordinate regulatory examinations and attestations (MAS TQ, KOR, SACH/SWIFT) providing technology and cyber risk expertise
  • Conduct thematic risk reviews and deep-dive assessments on emerging risks, control performance, and industry trends

 

Role Specific Technical Competencies:

 

Skill: Target proficiency level

  • Generative Artificial Intelligence (AI) Security & Risk: Intermediate
  • Python or other equivalent scripting languages: Advanced
  • Software Delivery and the CI/CD Pipeline: Advanced
  • AWS Cloud Services Security, CSPM/CNAPP Tools, and Resilience: Advanced
  • Cloud-Native Security (Infra as Code, Containers, Kubernetes, Serverless): Intermediate
  • Project/Program management GRC / Platform Engineering: Intermediate
  • Risk Analytics, Data Analysis, SQL, and Data Visualization: Advanced
  • ITIL processes: Advanced
  • Regulatory Compliance Assessment: Advanced

 

Our Ideal Candidate: 

  • 15+ years' aggregate industry experience in both Cyber and Technology risk with demonstrated hands-on technical execution and risk engineering capabilities - mandatory
  • Experience of technology and cyber regulations (MAS TRM, NIST, ISO27001, CIS Controls preferred) - mandatory
  • Educational background in relevant technical areas including computer science, information security, data science, software engineering, technology architecture, or risk management
  • Experience in the following areas mandatory: information security, cyber security, technology risk management, privacy, cloud security (AWS/Azure/GCP), DevSecOps practices, and GRC platform engineering
  • Experience in the following areas highly desirable: scripting/automation (Python, SQL), risk analytics and statistical analysis, infrastructure-as-code (IaC), container and Kubernetes security, API integration, software supply chain security, AI/ML security, third-party risk management, and audit/assurance background with hands-on control testing.
  • Influencing skills and ability to manage relationships with senior management and engineering teams; entrepreneurial mindset comfortable in startup environments
  • Strong communication skills and ability to work in a multi-cultural and multi-disciplinary environment
  • Must possess required industry certifications: CISSP (mandatory), AWS certification, CCSP, CGEIT, CEH, or DevSecOps certifications (highly desirable)

If you apply for a job with Trust or submit any personal information in connection with a possible job opportunity, you agree to our privacy notice for job applicants.

Come as you are! Trust is an inclusive and open-minded workplace. If you are good at what you do and care about doing a good job, that's what we focus on and want from you. So come as you are. 😊

Trust is an equal opportunity employer. We prohibit discrimination and harassment of any kind. We are committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Trust are based on business needs, job requirements and individual qualifications, without regard to age, gender, physical ability, race, religion or belief, family or parental status, sexuality, or any other status protected by laws or regulations. We will not tolerate discrimination or harassment based on any of these characteristics. We encourage applicants of all ages.

As this role requires an engineering background / mindset, experience in coding is critical to the success of this role.

Select...
Select...
Select...