Role Profile

Associate Risk Analyst,

Technology Risk

July 2020

1
 Job Title: Associate Risk Analyst, Technology Risk

ROLE PURPOSE: INTERCHANGEABLE/

• Contribute to the identification and mitigation of technology risks within the financial industry and FEEDER JOBS:
financial market infrastructure to ensure financial stability and public confidence, by undertaking • Risk Management (RMD)
horizontal surveillance on the trends of potential technology risks arising from threats from • Internal IT Audit (JAD)
financial institutions’ technology adoption, primarily arising from new, unfamiliar and emerging • Supervision / Financial
technological solutions. Surveillance (with IT-related
• Conduct thematic review on the risk management practices of identified technology risk areas, qualification)
and assist in providing technical assessment on the risk of financial institutions’/ fintech • Technology Risk Management
companies’ technology adoption, as well as contribute to the development of technology risk & Compliance
policy requirements in order to strengthen the IT resiliency of the financial industry.

PRINCIPAL ACCOUNTABILITIES
• Assist in performing horizontal assessment of adopted technology risk management models, methodologies or practices, with the aim
to uncover issues, norms and common practices across the industry. Good foundational knowledge, rigorous research and
consultation process and use of wide range of risk management frameworks and techniques such as data analytics is expected;
• Assist in facilitating industry-wide technology risks improvement program, aiming to continuously strengthen their robustness as well
as fortify the associated risk measurement and mitigation measures adopted by FIs’ technology risk management;
• Contribute in the development of effective advanced surveillance infrastructure and tools for early detection of emerging technology
risks to facilitate macro, as well as micro level monitoring;
• Assist in the review and development of technology risks policy documents to ensure pragmatic implementation of regulatory policies.
Internally, contribute to the process improvement initiatives;
• Provide technical input on emerging technology adoption and risk management practices adopted by FIs, timely detection of potential
operational and technology disruptions. Internally, provide assessment on technology risk to other lead departments on policy
development and supervisory activities (e.g. product approval, monitoring);
• Contribute in the preparation of training materials and training exercise aiming to build and strengthen supervisors’ knowledge and
competencies in technology risk management;
• Assist in establishing and maintaining strong collaboration with relevant stakeholders to influence and strengthen technology risks
infrastructure developments and best practices, and undertake information exchange for effective surveillance and supervision;
• Undertake other ad-hoc assignments, when assigned.

2
 Job Title: Associate Risk Analyst, Technology Risk
CRITICAL SUCCESS FACTORS :
• Rigorous research, deep data analysis, and effective
use of surveillance tools;
• Sound technical knowledge in own areas of
specialization whilst continuously keep abreast of
emerging technology and their associated risk
management best practices;
• Ability to see the big picture and understand various
dynamics at play.
• Ability to work as individual contributors as well as
team lead where required
• Sense of urgency;
• Critical thinking, open to diverse ideas and
comfortable to challenge own perception
• Knowledge of legal and regulatory requirements
relating to technology risks;
• Effective internal and external stakeholders
engagements and collaborations;
• Ability to convey complex ideas in simple terms
• Effective team player well as work strong individual
contributor
• Comfortable to calculated risk taking and willing to
push the boundary
KEY CHALLENGES :
• Ability to appreciate and comprehend the increasingly complex, rapid
and constant development/innovation of technology solutions in the
market and their significance to the financial industry;
• Prompt identification of technology risks / vulnerabilities, as well as
developing and executing appropriate supervisory actions with technical
clarity in a timely manner;
• Keeping abreast with emerging technology risks arising from a rapidly
changing, increasingly complicated and highly connected IT eco-
system;
• Ensuring correct interpretation of legal and policy requirements to
ensure appropriate technology risk mitigation measures for the industry;
• Keeping abreast with market, regulatory and macroeconomic
developments impacting technology risk management practices;
• Managing increased expectation of internal and external stakeholders’
expectation, particularly when addressing multiple assignments with
tight deadlines;
• Ability to articulate technical IT observations and concerns with external
stakeholders, especially when engaging with the FIs’ senior
management, as well as their technical IT teams;
• Ability to drive, motivate and build highly skilled and technical team to
ensure effective technology risk horizontal oversight and understanding
the technology risk profile and health/condition of FIs; and
• Strengthen the technical competencies of staff to ensure they have the
latest technical knowledge and skill sets required, as well as to maintain
and retain these specialist resources.
3
 Job Title: Associate Risk Analyst, Technology Risk

SKILLS / KNOWLEDGE :
• Academic Qualifications: Min. undergraduate degree in computer science/ data science/ engineering/ operation research.
• Experience: 1-2 years experience in technology risk management, advanced analytics, software programming/development, IT
security design/operation. Fresh graduates are also encouraged to apply.
• Professional certifications related to information systems security, auditing, control, assurance and risk management such as Certified
Information System Auditor (CISA), Certified Information Security Manager (CISM), Certified Information System Security Professional
(CISSP), Certified Ethical Hacker (CEH), Cloud Security Knowledge, ISMS, COBIT, OpenGroup FAIR will be an added advantage.

COMPETENCIES: COMPETENCIES:
Generic Technical / Functional:
• Central Bank Core Business Knowledge • Technology Risk Management
• Organisational Risk Management • International Best Practices and Requirements
• Information and Communication Technology • Technology Risk Assessment of Financial Institutions
• Communication and Presentation Skills • Risk-based Supervisory Methodology and Framework
• Project Management • Legal and Regulatory Obligations
• Knowledge of Business and Activities of Financial Institutions
Behavioural: • Technology Risk Surveillance
• Acts for the Greater Good • Technical Advisory
• Drive Performance Excellence • Data Analytics
• Leveraging Strategic Relationships
• Engage and Influence Stakeholders
• Organizational Understanding
• Environmental Awareness
• Build Team Capacity
• Holistic Collaboration
• Empowerment with Accountability
• Executive Maturity
• Self Confidence

Prepared by: Cambell Benjamine, Associate Risk Specialist, JPRPT 28 July 2020
Approved by: Ng Lee See, Risk Specialist, JPRPT 29 July 2020
4