Head of Tech Risk and Governance - Group Chief Information Officer - 281735

Search Jobs
Head of Tech Risk and Governance - Group Chief Information Officer

Head of Tech Risk and Governance - Group Chief Information Officer

Job ID

0000LMFF

Location

Singapore, Singapore

Area of interest

Technology

Job type

Permanent - Full Time

Work style

Hybrid Working

Opening date

18-Aug-2025

Closing date

01-Sep-2025

Job description

Some careers have more impact than others.

If you’re looking for a career where you can make a real impression, join HSBC and discover how valued you’ll be. Whether you want a career that could take you to the top, or simply take you in an exciting new direction, HSBC offers opportunities, support and rewards that will take you further.

Our GCIO organisation plays a critical role for the bank. This team partners with the businesses to build the platforms, systems, and products that our customers use every day. We keep people’s money and data safe, and are at the forefront of driving innovation for our businesses, customers, and colleagues.

We are currently seeking a high calibre professional to join our team as a Head of Tech Risk and Governance.

Principal Responsibilities

In this role you will

Conduct technology risk assessments (e.g., application, infrastructure, third-party, cloud) to identify potential vulnerabilities, threats, and control gaps and evaluate the effectiveness of technology controls and recommend enhancements to mitigate identified risks
Maintain and update the bank's technology risk register, tracking key risks, control effectiveness, and mitigation actions and monitor technology risk metrics and Key Risk Indicators (KRIs) to provide early warnings of potential issues and participate in technology project lifecycle reviews (SDLC) to ensure security and risk-by-design principles are incorporated from inception
Collaborate with internal Technology and business units to develop and implement risk treatment plans and represent the bank in external bodies on discussion relating to technology risks and resilience challenges
Interpret, implement, and monitor compliance with various Singapore regulations and industry standards, including but not limited to requirements for cybersecurity, data governance, business continuity, outsourcing and incident management and participate in regulatory inspections and audits, providing necessary documentation and explanations
Assist in the development, review, and update of technology risk management policies, standards, guidelines, and procedures and ensure policies are aligned with regulatory requirements, industry best practices, and the bank's risk appetite
Conduct technology risk assessments for third-party vendors and service providers, especially those handling sensitive data or critical services and ensure third-party contracts include appropriate security and compliance clauses
Provide expert advice and guidance to technology and business teams on technology risk, control, and compliance matters and develop and deliver training and awareness programs on technology risk and security best practices to employees and customers
Prepare regular risk reports, dashboards, and presentations for management, risk committees, and the Board (as required) and communicate technology risk posture, compliance status, and emerging threats effectively

Requirements

To be successful you will need

Extensive years of progressive experience in Technology Risk Management, IT Audit, Information Security, or IT Compliance within the financial services industry
Demonstrated understanding of banking operations and technology infrastructure and strong understanding of IT general controls (ITGC), application controls, and infrastructure security
Proficiency in risk assessment methodologies and tools
Mandatory knowledge practical experience with MAS Technology Risk Management (TRM) Guidelines is essential. Familiarity with other relevant regulatory frameworks (e.g., PDPA,AML/CFT) and industry standards (e.g., ISO 27001, NIST Cybersecurity Framework, COBIT, ITIL)
Advantageous certifications including CRISC (Certified in Risk and Information Systems Control), CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor) and CISSP (Certified Information Systems Security Professional) with excellent analytical and problem-solving skills, with the ability to identify, assess, and articulate complex technology risks
Exceptional written and verbal communication skills, with the ability to explain technical concepts to non-technical stakeholders and strong interpersonal skills and ability to build relationships with various stakeholders across different departments

Opening up a world of opportunity
http://www.hsbc.com/careers

HSBC is committed to building a culture where all employees are valued, respected and opinions count. We take pride in providing a workplace that fosters continuous professional development, flexible working and opportunities to grow within an inclusive and diverse environment. Personal data held by the Bank relating to employment applications will be used in accordance with our Privacy Statement, which is available on our website.

Issued by The Hongkong and Shanghai Banking Corporation Limited.

Back to search results

Join our Talent Community so that we can keep you updated and informed of the latest happenings at HSBC.