Responsibilities
JOB DESCRIPTION
Digital Control Framework & Governance
- Define, implement, and maintain a robust digital controls and assurance framework covering digital banking platforms, APIs, cloud technologies, automation, AI and data analytics.
- Establish clear control standards, risk taxonomies, and assurance methodologies aligned with MAS regulatory requirements (e.g. TRM, Risk Management Guidelines) and internal policies.
- Own and coordinate technology risk, control, and assurance activities for digital initiatives across CIMB Singapore.
- Work closely with Risk, Compliance, Technology, and RCU teams to:
  - Identify and assess digital and technology risks (e.g. platform resilience, data privacy, cyber, outsourcing, vendor risk)
  - Define and embed appropriate preventive and detective controls into digital solutions and operating processes
Control-by-Design in Digital Delivery
- Embed control-by-design principles into digital initiatives from early design stages rather than post-implementation fixes.
- Ensure alignment with:
  - AML / CDD / KYC requirements
  - Sales governance and conduct controls
  - Data and privacy policies
- Partner with delivery teams to balance customer experience, speed, and risk discipline.
- Provide advisory support for new digital initiatives such as mobile banking enhancements, digital onboarding, cloud migration, AI use cases, and partnerships with external vendors.
Risk Oversight & Assurance
- Provide independent oversight and challenge over digital, technology, and operational risks, including system resilience, data integrity, cyber risk, access management, and third-party risks.
- Conduct control assessments, thematic reviews, and deep dives across digital initiatives and platforms.
- Identify control gaps, root causes, risk trends, and emerging risks associated with digitalisation and innovation.
- Support audits, regulatory reviews, and risk assessments related to digital platforms, journeys, and operations.
Regulatory Compliance & Engagement
- Ensure full compliance with MAS regulations and guidelines, including Technology Risk Management (TRM), Outsourcing Guidelines, Cyber Hygiene Notices, and Operational Resilience expectations.
- Act as a key point of contact for regulators, auditors, and internal governance forums on digital controls and assurance matters.
- Support regulatory inspections, audits, and risk assessments, including remediation tracking and closure.
Incident Management & Issue Remediation
- Oversee assurance activities related to digital incidents, outages, data breaches, or control failures.
- Ensure effective root cause analysis, corrective action plans, and sustainable remediation.
- Track, report, and escalate material digital risks and issues to senior management and governance committees.
Reporting, Stakeholder Engagement and People Leadership
- Prepare and present clear, insightful risk and assurance reporting to senior management, risk committees, and board-level forums.
- Provide forward-looking insights into the digital risk landscape, control maturity, and areas requiring management attention.
- Build and lead a high-performing digital controls and assurance team with strong skills in technology risk and controls.
- Foster strong partnerships with Digital, IT, Cyber Security, Operations, Compliance, and Internal Audit.
- Promote a strong risk and control culture across digital and technology functions.
Requirements
Qualifications
- Bachelor's or Master's Degree in any related discipline (Business / Finance / Banking) or equivalent professional qualification
Professional Qualification and/or Regulatory, Licensing Requirements
- Relevant technology, risk, or audit qualifications
Relevant Work Experience
- Minimum 12–15 years of experience in technology risk, digital controls, IT audit, assurance, or risk management within the banking or financial services industry
- Proven leadership experience managing senior teams and engaging C-suite or senior management stakeholders
- Strong understanding of digital banking architectures, cloud environments, APIs, data platforms, and emerging technologies
- Solid knowledge of MAS regulatory expectations, particularly TRM, outsourcing, cyber resilience, and operational risk
- Experience working in or supporting Agile / DevOps / digital transformation environments
Competencies/Skills
- Strong risk judgement and independent challenge mindset
- Ability to balance innovation enablement with control discipline
- Excellent stakeholder management and influencing skills
- Strategic thinking with strong execution capability
- High integrity, resilience, and accountability
- Strong verbal and written communication skills
- Able to function effectively in a matrix and culturally diverse environment
- Well informed about the market environment, industry practices and regulations governing the Consumer Banking business
- Strong leadership and people management skills
- Strong understanding of regulatory requirements and experience in ensuring compliance within the financial services sector