Vice President, Regional Technology Risk Manager
Singapore
Headquartered in Tokyo, Sumitomo Mitsui Banking Corporation (SMBC) is a leading global financial institution and a core member of Sumitomo Mitsui Financial Group (SMBC Group). Built upon our rich Japanese heritage since 1876, we put our customers first and provide seamless access to, from and within the Asia Pacific region. SMBC is one of the largest Japanese banks by assets and maintains strong credit ratings across our global integrated network. We work closely as one SMBC Group to offer personal, corporate and investment banking services to meet the needs of our customers.
With sustainability embedded within our strategy and operations, we are committed to creating a society in which today’s generation can enjoy economic prosperity and well-being, and pass it on to future generations.
- Lead and support regional regulatory compliance initiatives, including gap analyses against requirements such as MAS Cyber Hygiene, MAS TRM, and BNM RMiT, as well as responding to regulatory circulars and questionnaires.
- Oversee IT GRC activities across APAC entities, including consolidation of risk reporting, support for internal and external audits, and review of risk acceptance requests.
- Act as the primary liaison for technology risk matters during major audits, facilitating effective communication between auditors and technology/operational teams. Where necessary, provide independent challenge to audit observations to ensure accuracy, context, and fair representation of risks, while supporting timely and appropriate remediation actions.
- Serve as a trusted advisor to technology teams on risk, control, and regulatory matters, and partner with stakeholders to remediate identified technology risks.
- Coordinate and facilitate control self-assessment (CSA) activities, including performing independent control testing where required and assessing the adequacy of control design and documentation.
- Provide effective first-line challenge (1LOD) to technology units on risk identification, prioritisation, and remediation, and deliver risk opinions and recommendations to IT management and second line of defence (2LOD).
- Support 2LOD in strengthening risk governance practices, including the development of Key Risk Indicators (KRIs), enhancement of the Technology Risk Management framework, and ongoing monitoring and reporting.
- Maintain and enhance IT policies, standards, and procedures under the team’s ownership to ensure alignment with regulatory and organisational requirements.
Requirements:
- Bachelor’s degree or higher in Computer Science, Information Technology, Engineering, or a related technical discipline.
- Minimum 10 years of relevant experience in Technology Risk, IT Governance, IT Controls, Technology Assurance, or Information Security Governance, with at least 7 years in the financial services industry.
- Strong understanding of regional regulatory frameworks and guidelines, including MAS TRM, MAS Cyber Hygiene, BNM RMiT, RBI Master Directions and broader APAC technology risk expectations.
- Proven ability to identify technology risks, assess control effectiveness, and recommend practical and sustainable remediation measures.
- Solid knowledge of cyber risk management practices and industry-standard controls.
- Excellent communication, presentation, and stakeholder management skills, with the ability to engage effectively with senior stakeholders, including C-suite executives, across diverse technology domains.
- Experience in delivering security awareness or risk training programmes within an organisation is an advantage.
- Strong analytical and critical thinking capabilities, with the ability to operate both strategically and tactically in a dynamic environment.
Preferred Qualifications:
- Relevant professional certifications such as CISSP, CISM, or CRISC.
- Experience leveraging advanced technologies (e.g., agentic AI, machine learning) and data visualisation tools to enhance reporting efficiency and streamline manual processes.