Overview

WHO WE ARE:

As Singapore’s longest established bank, we have been dedicated to enabling individuals and businesses to achieve their aspirations since 1932. How? By taking the time to truly understand people. From there, we provide support, services, solutions, and career paths that meet their individual needs and desires.

Today, we’re on a journey of transformation, leveraging technology and creativity to become a future-ready learning organisation. But for all that change, our strategic ambition is consistently clear and bold, which is to be Asia’s leading financial services partner for a sustainable future.

We invite you to build the bank of the future. Innovate the way we deliver financial services. Work in friendly, supportive teams. Build lasting value in your community. Help people grow their assets, business, and investments. Take your learning as far as you can. Or simply enjoy a vibrant, future-ready career.

Your Opportunity Starts Here.

Why Join
Protecting our customers’ assets and information is at the heart of what we do at OCBC Group. As an Information Security and Digital Risk Management Specialist, you will play a key role in safeguarding the Group’s digital ecosystem and strengthening its resilience against evolving technology and cyber risks.

In this role, you will conduct independent reviews of digital risks arising from third‑party service arrangements. This includes assessing the design and operating effectiveness of controls implemented by third‑party service providers and providing assurance on compliance with Group policies and regulatory requirements applicable to the arrangement, as well as relevant industry best practices.

How you succeed

To succeed in this role, you will combine strong domain knowledge, sound professional judgement, and effective stakeholder engagement skills. You are expected to stay abreast of emerging technology, information, and cyber risk trends, and translate these developments into practical risk insights and actionable mitigation strategies.

You will work closely with technology, business, and control functions to identify material risks, provide constructive and independent challenge to existing controls where appropriate, and ensure that security policies, standards, and practices remain effective, proportionate, and aligned with business objectives.

What you do

  • Conduct digital risk assessments, due diligence reviews, and ongoing monitoring of third-party service providers.

  • Support the development, implementation, and maintenance of third-party policies, procedures and frameworks in alignment with regulatory requirements and industry best practices.

  • Collaborate with technology, business, and control functions to ensure effective end-to-end risk management for third-party service arrangements.

  • Drive or support continuous improvement initiatives for the Third-Party Risk Management programme, including process optimisation, automation, and operating model enhancements.

  • Lead or support data-driven initiatives leveraging enterprise data platforms to analyse risk data, identify trends and emerging risks, and provide clear, actionable insights to support risk-informed decision-making.

  • Perform or support ongoing risk monitoring and management reporting on the Group’s technology and cyber risk posture relating to third-party services, highlighting key issues and trends to senior management and relevant committees.

  • Support Group‑wide initiatives to facilitate compliance with applicable legal and regulatory requirements, including the MAS Cyber Hygiene Notice, MAS Technology Risk Management Guidelines and MAS Guidelines on Outsourcing.

  • Provide training and awareness to stakeholders on technology risk and third-party risk management to promote consistent understanding and application across the Group.

Who you work with

Group Risk Management works independently to protect, build, and drive our businesses. The team supports good decision-making. With strong risk analysis. And a crucial, comprehensive role in sharpening our competitive edge. Optimising risk-adjusted returns. It’s about seeking and adopting best-in-class practices. Protecting the group from unforeseen losses. Keeping risk within appetite. Embracing change and managing growth in one of the world’s strongest banks.

Who you are

  • A degree in Computer Science, Information Security, or a related discipline.

  • Relevant professional certifications such as CISSP, CISA, or CISM are advantageous.

  • More than eight years of relevant experience in technology, information, or cyber risk management, or information security, with at least five years of hands-on experience in third-party risk management, preferably within the financial services industry.

  • Strong knowledge and practical experience in conducting technical assessments across network and system infrastructure security, cloud‑native security platforms and service offerings (such as Amazon Web Services or Microsoft Azure), and third‑party assurance artefacts and security assessment frameworks (such as SOC 2 and OSPAR).

  • Strong working knowledge of Singapore regulatory frameworks, including the MAS Technology Risk Management Guidelines and MAS Guidelines on Outsourcing, and/or other regional regulatory frameworks and industry standards such as NIST SP 800-53 and ISO/IEC 27001.

  • Strong written and verbal communication skills, with the ability to articulate risk issues clearly and constructively to stakeholders.

  • Ability to lead and drive initiatives, influence outcomes through others, and collaborate effectively across different seniority levels, functions, cultures, and geographies.

  • Proactive, resilient, and able to perform effectively under pressure and tight timelines in a dynamic risk environment.

What we offer:

Competitive base salary. A suite of holistic, flexible benefits to suit every lifestyle. Community initiatives. Industry-leading learning and professional development opportunities. Your wellbeing, growth and aspirations are every bit as cared for as the needs of our customers.

JR00007122

About

OCBC is the longest established Singapore bank, formed in 1932 from the merger of three local banks, the oldest of which was founded in 1912. It is now the second largest financial services group in Southeast Asia by assets and one of the world’s most highly-rated banks, with an Aa1 rating from Moody’s. Recognised for its financial strength and stability, OCBC is consistently ranked among the World’s Top 50 Safest Banks by Global Finance and has been named Best Managed Bank in Singapore by The Asian Banker.

OCBC and its subsidiaries offer a broad array of commercial banking, specialist financial and wealth management services, ranging from consumer, corporate, investment, private and transaction banking to treasury, insurance, asset management and stockbroking services.

OCBC’s key markets are Singapore, Malaysia, Indonesia and Greater China. It has more than 570 branches and representative offices in 19 countries and regions. These include about 300 branches and offices in Indonesia under subsidiary Bank OCBC NISP, and over 90 branches and offices in Mainland China, Hong Kong SAR and Macau SAR under OCBC Wing Hang.

OCBC’s private banking services are provided by its wholly-owned subsidiary Bank of Singapore, which operates on a unique open-architecture product platform to source best-in-class products to meet its clients’ goals.

OCBC's insurance subsidiary, Great Eastern Holdings, is the oldest and most established life insurance group in Singapore and Malaysia. Its asset management subsidiary, Lion Global Investors, is one of the largest private sector asset management companies in Southeast Asia.