Job Description
The Assistant Manager/Manager, Third Party & Technology Risk is responsible for providing second line of defence (2LoD) oversight and challenge over technology risk and third-party arrangements. The role ensures third-party and technology risks are consistently identified, assessed, challenged, monitored, and escalated, in line with internal policies, risk appetite, and regulatory expectations.
Key Responsibilities
- Third-Party Risk Oversight
  - Provide 2LoD review and challenge over third-party risk assessments. Assess inherent and residual risk, adequacy of controls, and quality of risk conclusions.
  - Advise business and contract owners on risk scoping, applicability, exemptions, and reassessment triggers, including non-traditional third-party arrangements.
  - Ensure alignment with regulatory requirements such as MAS circulars on management of third party arrangements.
- Technology Risk Management & Due Diligence (2LoD)
  - Provide independent oversight and challenge of technology risk due diligence.
  - Review key technology risk domains, including:
    - Information security and cyber risk
    - Identity, access, and privileged access management
    - Vulnerability, patching, and security testing
    - Incident management and notification readiness
    - IT resilience, BCM, and recoverability
    - SDLC, change, migration, and cutover risks
  - Challenge unsupported risk acceptances, weak compensating controls, and control assumptions lacking evidence.
- Project, Change, and Transformation Oversight
  - Provide 2LoD technology risk oversight for material projects, system implementations, migrations, and decommissioning activities. Escalate material risks where residual exposure is inconsistent with risk appetite.
- Monitoring, Issues, and Escalation
  - Oversee ongoing monitoring of third-party and technology risks.
  - Review and challenge risk issues, deviations, and time-bound risk acceptances.
  - Identify themes, systemic weaknesses and key risk indicators for escalation to management and risk committees.
- Incidents
  - Provide 2LoD oversight of technology and third-party incidents, ensuring root causes and corrective actions address underlying control gaps.
- Governance, Advisory, and Continuous Improvement
  - Act as a trusted risk advisor and effective challenger to other business units, IT, Compliance, Legal, Procurement, and Risk teams.
  - Contribute to the enhancement of technology risk and third-party risk policies, standards, guidance, and reporting.
  - Support audits, regulatory reviews, and senior management queries relating to technology and third-party risk.
Qualifications:
- Degree in Information Technology, Information Systems, Accountancy or Business Administration or a recognised professional qualification.
- 6–10 years' experience in technology risk, third-party risk or IT audit. Prior experience in financial institutions and/or a 2LoD oversight or challenge role will be preferred.
- Strong understanding of technology, cyber, and third-party risk management.
- Ability to engage senior stakeholders while maintaining independent risk judgement.
- Analytical and structured with excellent communication skills.
- Strong project management and facilitation skills.