Job summary

Director, API Governance, Risk and Control

A leading international bank is looking for a specialist with strong technical skills to oversee its API governance process, with responsibility for ensuring that all APIs and their usage comply with Group policy and standards, covering both internal and external APIs. This also includes enforcement and monitoring of related standards as they apply to the API lifecycle. This specialist role will enable the API governance team to shape a fit-for-purpose process that caters for the various API platforms in the bank.

The role requires an in-depth understanding of API platforms, partnerships, the Open Banking framework, third-party API compliance, CI/CD technologies, technology standards, security controls and the governance framework.

Role

  • Operate as a risk and control senior SME for R&C, managing the design of API risk/control activities and supporting domain teams in implementation.
  • Deliver the API Governance Framework with a technical lens, which includes controls testing, assurance, reporting, operation of API Governance Council.
  • Manage and drive process coverage and alignment to Bank standards and policies to ensure the process universe has demonstrable compliance in relation to APIs.
  • Ensure consistency and standardisation across lines of responsibility.
  • Be familiar with Technology Risk principles and with how risk management operates as part of the larger Enterprise Risk Management Framework.
  • Ensure a strategic approach to controls design and implementation that covers the API 'end to end' lifecycle model and is technically comprehensive.
  • Support the R&C control testing and assurance model with alignment to RSCA and control library models.
  • Must be able to understand and articulate the API ecosystem. Strong knowledge across the REST framework, OpenAPI Specification 3.0, GraphQL and related API technologies. Familiarity required across control requirements such as code security review, penetration testing and vulnerability management for APIs and API endpoints.
  • Understand the governance model to provide assurance over the security and stability of External APIs, prior to exposing sensitive Group and client data to external parties.
  • Identify, inventory, assess and validate External APIs to ensure ongoing compliance with Group and regulatory standards. Ensure adequate controls for all APIs across the Group, including Internal APIs and those not developed or managed in the Group's API gateways.
  • Understand the overall API Governance process end to end, including the API Governance Council and related forums and how they work together to ensure risk oversight. Ensure compliance with the Bank Risk Framework and drive API lifecycle adherence to the Risk Framework. Establish new risks and processes as deemed necessary in conjunction with the Head of API Governance.

Please contact

Dietrich Yap - d.yap@gravitasgroup.com
