Technology and Vendor Risk Specialist

The NETS Group is a leading payments services group, enabling digital payments for merchants, consumers and banks across the entire payments value chain. 
 

The Group operates Singapore’s national debit scheme enabling customers of DBS Bank/POSB, HSBC, Maybank, OCBC Bank, Standard Chartered Bank and UOB to make payments using their ATM cards or mobile devices at more than 130,000 acceptance points in the country as well as online payments.

The IT and Vendor Risk Manager is part of the Risk Management line 1.5 defense, working with IT risk owners to ensure controls are effective and managed. The role is primarily responsible for providing comprehensive risk oversight, assurance, and governance across technology risk management and IT vendor risk domains. This includes monitoring risk indicators, validating remediation efforts, conducting risk assurance activities, and ensuring compliance with regulatory guidelines and internal frameworks. The position plays a critical role in safeguarding the organization against operational, regulatory, and third-party risks.

IT Risk and Process Compliance

• Responsible for the management of testing and enforcement of Technology and Cyber related policies, processes and procedures.
• Execute policies, processes and procedures to facilitate effective IT and cyber related-risk Process and Control arising from Audit Findings or Process improvement maturity
• Advise on sound IT and cyber risk management matters, changes to MAS guidelines and notices, through timely updates to Senior Management
• Proactively engage in establishing IT Risk awareness within Technology aligning with the organization risk posture
• Partner and work with internal stakeholders to review, identify, streamline and implement process improvements with regards to IT and cyber risk management
• Reference to regulator’s notices, circulares and guidelines (such as, TRM, Cyber Hygiene) to assess risk and gaps, and work with Line 2 and Security to improve policies and processes to mitigate risks, minimize their impact to operations
• Prepare and provide data for risk analysis and reporting.

• Communicate and provide guidance of new IT policies and standards to relevant stakeholders.
• Ability to innovate and automate as required.

Vendor Risk Governance

• Govern Third Party Risk, including assessing breaches and incidents involving third parties.
• Review and provide independent challenge of vendor risk assessments and evaluation outcomes to ensure objectivity and robustness.

• Oversee IT vendor management and manage risks associated with IT vendors ensuring all vendor agreements align with NETS policies and regulatory requirements,

• Continuously monitor vendor security posture through due diligence performed by contract owners to track compliance and performance against defined KPIs and SLAs.

• Monitor third party activities throughout TPRM lifecycle to ensure compliance with regulatory and NETS requirements, supporting review conducted by SME and perform assessments to mitigate risks.

• Drive initiatives for continuous improvement in vendor management processes, enhancing efficiency and effectiveness to align with evolving security standards, regulatory requirements, and emerging risks in third-party ecosystems Conduct thorough due diligence on potential vendors to ensure they meet NETS standards for reliability, security, and compliance 
• Provide periodic reporting on vendor risks, and compliance to senior management and other stakeholders 

Network for Electronic Transfers (Singapore) Pte Ltd.