Lead, IT Governance, Risk and Compliance

Responsibilities:

IT Governance and Security Awareness

• Review and update internal IT policies/standards; communicate changes of internal policies/standards to staff and stakeholders.
• Develop and deliver cybersecurity training for staff, management, board of directors, agents and vendors.
• Track and manage deviations from IT policies and standards.
• Report on key information security risk metrics, including policy deviations and third-party assessments.
• Present technology and security risk updates to management and board committees.

Technology Risk Management

• Lead regular risk assessments and continuous monitoring of technology risks, including emerging threats and new technologies. 
• Manage technology risks related to third-party service providers and business partners.
• Oversee IT Risk Control Self-Assessment and Control Testing to evaluate the design and operating effectiveness of key controls.
• Communicate technology risks and mitigation strategies to relevant stakeholders, ensuring transparency and alignment.

Technology Compliance and Assurance

• Facilitate regulatory engagements which include inspection, survey, query and ad-hoc requests from regulators related to IT division.
• Lead organisational self-assessments against technology and security related regulatory notices, circulars, guidelines and advisories.
• Coordinate external/internal audits and cybersecurity maturity assessment related to IT division. 

IT Access Review

• Drive enterprise access review activities, including roles to entitlements review, segregation of duties rules review, user access review. 
• Drive the user administration activities review and SAP log review. 

Specialised Areas Governance

• Support enterprise-wide risk and compliance initiatives for the Technology division in specialised areas under information security, such as IAM, cloud security, application security, data security, AI security, etc.
• Promote information security best practices and continuous improvement.
• Champion ongoing staff learning and development on cybersecurity and technology risk domains.

Requirements:

• Degree or Diploma in Computer Science, Information Technology, or related field.  
• Minimum 10 years’ experience in cybersecurity governance, risk monitoring, audit response, and compliance assessments.
• 2 - 4 years of team leading experience and managing teams of 8-10 members.
• Proven experience leading IT audits and regulatory inspections
• Background in financial industry, big tech or established auditing firms preferred.
• Strong knowledge of MAS Technology Risk Management, Cyber Hygiene, Outsourcing, and Business Continuity Management requirements.  
• Familiarity with control frameworks (COBIT, NIST CSF, ISO 27001).  
• Practitioner and holder of IT risk certifications (CISA, CRISC, CISSP).  
• Proficiency in office productivity tools and business intelligence platforms (Microsoft Office, PowerBI, Archer, Tableau).
• Demonstrated ability to analyse risk and control issues, challenge the status quo, and drive pragmatic solutions. 
• Track record in developing and driving information security awareness programs.
• Excellent interpersonal, coordination, communication, presentation, and writing skills.  
• Meticulous, independent, and collaborative work style.