Senior Technology Risk Analyst

YouTrip is at the forefront of Asia's financial revolution, defining the future of digital finance with its leading multi-currency payment platform. Launched in 2018, YouTrip has swiftly ascended as a powerhouse, orchestrating billions in transactions annually and securing the trust of millions. With innovative solutions like YouTrip for consumers and YouBiz for businesses, we offer unmatched financial ease and cost-effectiveness. Fresh off a successful US$50 million Series B funding round led by Lightspeed Venture, we're setting new benchmarks in the digital financial services sector.

At the heart of our mission is a commitment to eliminate financial borders across Asia, propelling us into the next wave of digital finance.

We’re looking for a Senior Technology Risk Analyst to join our team. This role sits within the Second Line of Defense (SLOD) and is responsible for the day-to-day identification, assessment, oversight and monitoring of technology-related risks across the organisation's IT infrastructure/cloud, systems, and digital operations. The role serves as a trusted advisor to technology and business stakeholders and provides independent risk oversight to ensure effective management of technology and cybersecurity risks.

The Senior Technology Risk Analyst will provide subject matter expertise and play a proactive and hands-on role in identifying, assessing, and driving timely and risk-prioritised remediation of security vulnerabilities across internal systems, third-party/SaaS applications, and processes. You will partner closely with IT, Engineering, and Business teams to ensure timely resolution of identified risks, strengthen control effectiveness, and promote a culture of security and risk awareness across the organisation.

This role supports the organization’s Risk Assessment & Monitoring, IT Controls & Compliance, Governance & Reporting, Vulnerability Management, and Business Continuity efforts, ensuring alignment with regulatory, legal, and business requirements. The ideal candidate will have a strong understanding of technology risk challenges within FinTech or regulated financial services and will collaborate closely with IT, Compliance, Legal, and Business teams to ensure robust risk management practices and regulatory compliance.

1. Risk Assessment & Monitoring
• Lead and independently conduct technology risk assessments across IT systems, applications, cloud environments, and third-party vendors.
• Support the identification, documentation, and ongoing oversight of technology risks in the risk register.
• Establish, monitor, and analyse technology risk indicators, emerging threats, and control weaknesses, escalating material concerns to senior management and governance committees.
• Contribute to periodic risk reporting for internal stakeholders and governance committees.
2. IT Controls & Compliance
• Lead reviews and assessments of IT general controls (ITGCs) including access management, change management, logging and monitoring, and data backup and resilience controls.
• Provide subject matter expertise on regulatory and industry requirements such as MAS TRM guidelines, AU Cybersecurity Policy, BNM’s Tech Risk Policy, ISO 27001, NIST, SOC 2, etc.
• Help maintain documentation of control evidence, exceptions, and remediation actions.
• Participate in internal and external audits by collating required evidence and liaising with various teams.
3. Vulnerability & Incident Support
• Provide second-line oversight of vulnerability management activities, including assessment of remediation prioritisation, patch management effectiveness, penetration testing results, and exception management.
• Review and challenge remediation plans for high-risk vulnerabilities and technology control deficiencies.
• Support the Technology Risk team during cyber incident investigations, root cause analyses and post-incident reviews, ensuring lessons learned and control improvements are implemented.
4. Governance & Reporting
• Prepare risk dashboards and status updates for review by senior stakeholders.
• Support the development and maintenance of technology risk frameworks, policies, standards, and methodologies.
• Drive security and risk awareness initiatives across the organisation and provide guidance to business and technology stakeholders  with a focus on risks and real-world threats.
• Maintain and update team documentation, policies, and standard operating procedures (SOPs).
• Lead technology due diligence reviews and third-party risk assessments for vendors, outsourcing arrangements, and critical service providers.
5. Business Continuity & Security Enablement
• Provide oversight and challenge Business Continuity and Cybersecurity drills, ensuring identified gaps are tracked to closure.
• Provide security guidance during system changes, deployments, and operational updates.
• Act as a security point of contact for day-to-day operational questions from business and technology teams.

• Bachelor’s degree in Computer Science, Information Technology, Risk Management, or related field.
• 5-10  years of experience in IT risk, IT Audit, cybersecurity, or technology audit, preferably with banking, financial services, fintech or similar industry.
• Strong understanding of IT infrastructure/environment concepts: networks, cloud, databases, operating systems, and security principles.
• Strong working Knowledge of security frameworks and standards (ISO 27001, PCI DSS, NIST, CIS).
• Ability to independently assess complex technology risks and provide pragmatic, risk-based recommendations.
• Experience with risk assessment tools and methodologies.
• Strong analytical and problem-solving skills with attention to detail.
• Excellent communication and stakeholder management abilities.
• Strong sense of ownership and accountability.
• Ability to balance security needs with business realities.
• Ability to prioritize and manage multiple security issues simultaneously.
• Clear communicator with the ability to work cross-functionally with technical and non-technical teams.
• Relevant professional industry certifications (e.g., CISA, CISM, CIPP/E, CRISC) are strongly preferred.