Listing Description

Trust is the first of a new breed of banks in Singapore – digitally native and focused on delivering a delightful customer experience.  You will work in a fast-paced and collaborative environment to solve new and interesting challenges each day. Together with our Trust team, you will help shape the future of our bank.  

As the Technology and Security Assurance Lead, you will acquire new ways of working and be involved in solving interesting challenges, building innovative, industry-leading products and digital journeys for our customers and managing risks intelligently.

Job Description 

As part of the First Line of Defence Security Team in Trust, you will be reporting to the Head of Technology Risk. In this role, you will drive the design and day-to-day management of security processes and controls, ensuring a positive support to our company’s initiatives and growth.  Specifically, you will operate the Control Room responsible for Continuous Assurance and Reporting. Adopting and implementing modern approaches to security, integrating cloud-native security designs, offensive security and agile development. Working closely with various stakeholders, including product owners, risk and compliance, the Tech and Security Assurance Manager will design and manage an effective Information Security Management System in line with best of breed industry practices and innovative engineering.

The Role Responsibility: 

Our Cloud native Company is going through steadfast growth and rapidly evolutive environment, thus the candidate will need to shape and continuously adapt a comprehensive Information Security Management System, including all aspects of Security Governance, Risk and Compliance (GRC), maintaining control effectiveness during change.

The incumbent will drive many initiatives, among which:

• Provide strategic advisory to ensure sound architecture and control effectiveness


• Organising the conduct of periodical effectiveness checks and controls


• Collaborating with all the company’s stakeholders to design operational processes which derive effective security and delivery quality outcomes


• Working closely with the digital workspace computing team to ensure all controls are in place, systems effectively onboarded and security capabilities delivering their SLAs


• Being the driving force in 3^rd party security risk management by holding all external vendors to the standard expected by our customers


• Maintaining a registry of security controls and regulatory requirements, continuously collecting and mapping artefacts to ensure continuous compliance and facilitate second line deviation analysis


• Working closely with security engineering to automate the collection and analysis of security controls data to maintain manual reviews minimal


• Providing comprehensive reporting of compliance and escalate violations to Management


• Establishing and maintaining metrics and data driven controls to measure continuously the effectiveness of controls over time

Our Ideal Candidate:

• About 8 years of experience in Technology, Information or Cyber Risk Management.


• Entrepreneurial spirited – constantly identify opportunities for change and not afraid to do things differently.


• Good understanding of regulatory requirements such as MAS Technology Risk Management Guidelines, MAS Notice 644 Technology Risk Management and Notice 655 Cyber Hygiene.


• Exposure to cloud native architecture, services, technologies and ways-of-working, including but not limited to: microservices, containerisation, orchestration (Kubernetes)


• Experience in design, advisory, and oversight of technology risk and control design coordination to mitigate risk for IT control environment


• Strong analytical skills and ability to priorities, make decisions, and work to tight timeframes.


• Strong communication skills – oral, written and presentation.


• Strong interpersonal and stakeholder management skills, across various levels in the organization including senior leadership.


• One or more of the following certifications will be preferred: CISA, CISSP, CISM, CRISC, GIAC, CCSLP.


• Experience in scripting/programming security automation will be beneficial as we stive for automation.

Role Specific Technical Competencies:

If you apply for a job with Trust or submit any personal information in connection with a possible job opportunity, you agree to our privacy notice for job applicants.

Come as you are! Trust is an inclusive and open-minded workplace. If you are smart and good at what you do, that’s what we care about. So come as you are. 😊

Trust is an equal opportunity employer. We prohibit discrimination and harassment of any kind. We are committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Trust are based on business needs, job requirements and individual qualifications, without regard to age, gender, physical ability, race, religion or belief, family or parental status, sexuality, or any other status protected by laws or regulations. We will not tolerate discrimination or harassment based on any of these characteristics. We encourage applicants of all ages.