At Julius Baer, we celebrate and value the individual qualities you bring, enabling you to be impactful, to be entrepreneurial, to be empowered, and to create value beyond wealth. Let’s shape the future of wealth management together.
GENERAL DESCRIPTION
IT Governance and Risk Management is a regional function in Asia responsible for technology governance across key pillars and overseeing risk management. This function works in close collaboration across IT functions to foster strong risk culture and awareness. Primary responsibilities include risk management and control assurance activities with the aim to continuously strengthen IT operational /security /regulatory posture and provide risk transparency to our management.
Service Offering
• Provide first line ownership of technology governance and risk for the private bank, ensuring IT services, projects, and operations are well controlled, resilient, and aligned to business strategy, risk appetite, and MAS expectations
• Lead the design, implementation, and ongoing enhancement of the bank’s IT governance and risk framework, including policies, standards, and procedures for IT operations, change, projects, outsourcing, and cloud etc.
• Oversee and challenge the effectiveness of first line IT controls (e.g., access management, change management, incident/problem, vulnerability and patch management, EUC governance, EOL technology), driving remediation where gaps are identified
YOUR CHALLENGE
KEY RESPONSIBILITIES OF THE POSITION
- Own and maintain the IT risk register, drive regular risk identification with IT service, platform, and project owners, and ensure appropriate assessment, treatment plans, and timely closure of risk actions
- Coordinate and execute key IT risk processes such as RCSAs, risk scenario analysis, KRIs/KPIs, and providing clear, data‑driven insights on technology and cyber risk exposure
- Translate MAS and internal policy requirements (e.g., TRM, Cyber Hygiene, outsourcing/third‑party, operational risk) into practical first line controls and procedures, and lead gap assessments and remediation programmes
- Act as primary IT interface with internal and external auditors for first line topics, coordinating evidence, management responses, and sustainable closure of findings related to IT governance, risk, and security
- Partner closely with Information Security, Non-Financial Risk, Compliance and COO to ensure consistent risk treatment, clear RACI across the three lines, and robust governance for high‑risk initiatives and changes
- Chair or play a leading role in IT Risk Management Forum in Asia ensuring effective escalation, challenge, and decision‑making for material risks, incidents, and exceptions.
- Oversee IT risk and governance dashboards and reports for senior IT management and relevant risk committees, covering incidents, audit/regulatory issues, key risk indicators, and remediation status
- Drive continuous improvement of IT processes and controls, promoting automation and simplification while maintaining a strong control environment
- Lead or support training and awareness for IT staff on technology risk, security, and governance requirements, reinforcing first line ownership and a strong risk culture
- Responsible for risk reporting to IT Risk Management Committee as well as Operational Risk Committees in Singapore and Hong Kong.
Stakeholder Management
- IT stakeholders include IT Service Owners, IT Infrastructure, IT Application Managers, IT Architecture and Project Managers
- CRO functions – including Business Operational Risk, Information Security and Compliance functions
- COO – Third Party Risk Management, Business Continuity
- Global functions – IT Governance, IT Risk Management, Information Security
- Establish strong relationship with key stakeholders
Regulatory Responsibilities &/OR Risk Management
- Ensure appropriate ethical and compliant behaviour within the area of responsibility by clear demonstration of appropriate values and behaviours including but not limited to standards on honesty and integrity, due care and diligence, fair dealing (treating customers fairly), management of conflicts of interest, competence and continuous development, adequate risk management, and compliance with applicable laws and regulations
YOUR PROFILE
SKILLS REQUIREMENTS OF THE POSITION
Personal and Social
- Excellent communication and stakeholder‑management skills, with a track record of engaging auditors, regulators, and senior management on complex technology risk topics
- Demonstrated ability to operate at senior level, influencing senior stakeholders, challenging constructively, and driving change across multiple IT domains
Professional and Technical
- Extensive experience in IT governance, technology risk, or IT control roles within banking, preferably private banking or wealth management
- Strong understanding of MAS technology and operational risk expectations, as well as industry frameworks (e.g., ISO 27001, ITIL, COBIT) and cyber risk practices
Regulatory (where applicable)
- Familiarity with technology regulatory framework and guidelines in Singapore (MAS) and Hong Kong (HKMA, SFC etc.)
We are looking forward to receiving your full job application through our online application tool. Further interesting job opportunities can be found on our Career site.
Is this not quite what you are looking for? Set up a job alert by creating a candidate account here.