APAC Enterprise Technology Risk Management, MD

About the job

The Enterprise Technology Risk Management (ETRM) organization is part of the Enterprise Risk Management organization. ETRM is responsible as the second line of defense (SLOD) for identifying, assessing, and mitigating technology and cyber/information risks.

Requirements

We are seeking an experienced Enterprise Technology and Cyber Risk Management Leader with over 15 years of experience in ETRM and/or Technology Risk Management. The ideal candidate should possess the following skills:

• Over 15 years of experience in ETRM and/or technology risk management
• Excellent communication and interaction skills
• Ability to articulate technical issues to both IT stakeholders and business partners
• Strong analytical skills and ability to extract important information and priorities
• Proficiency in Mandarin is required

Tasks

As an ETRM consultant for the APAC region, you will be responsible for:

• Technology risk and cyber risk management
• Developing and supporting risk and regulatory matters for the APAC community
• Collaborate with ETRM risk professionals to align with the broader enterprise operational risk and cyber risk management program
• Developing effective communication channels to measure and escalate technology risks

Governance and Oversight

You are responsible for:

• Monitoring governance, policies, and threat response processes in the APAC region
• Support in developing technology risk oversight and embedding ETRM risk practices
• Monitoring communication with APAC regulators in accordance with the ETRM program

Risk management and awareness

You should:

• Promote a culture of effective risk management within the company
• Provide technology risk management consulting and ongoing guidance in line with ETRM knowledge
• Learn about regulatory developments and their impact on State Street in APAC
• Conduct training courses on technology risk management

What we offer

We offer:

• A collaborative approach to maximize positive impact and synergies
• Excellent communication and interaction skills
• Ability to influence and implement decisions
• Flexibility in communicating with different cultural groups

Primary skills

You should have the following skills:

• In-depth knowledge of APAC technology regulatory requirements (e.g., APRA, ARIMA, MASS)
• Experience with regulatory audits and reports
• Experience in IT risk management, information technology general controls (ITGC), and cybersecurity controls
• Knowledge of information security frameworks (e.g., NIST, ISO 27001), CSA Cloud Controls Matrix, and ITSACS