Lead, IT Governance, Risk and Compliance

Responsibilities:

IT Governance and Security Awareness

• Review and update internal IT policies/standards; communicate changes of internal policies/standards to staff and stakeholders.
• Develop and deliver cybersecurity training for staff management board of directors agents and vendors.
• Track and manage deviations from IT policies and standards.
• Report on key information security risk metrics including policy deviations and third-party assessments.
• Present technology and security risk updates to management and board committees.

Technology Risk Management

• Lead regular risk assessments and continuous monitoring of technology risks including emerging threats and new technologies.
• Manage technology risks related to third-party service providers and business partners.
• Oversee IT Risk Control Self-Assessment and Control Testing to evaluate the design and operating effectiveness of key controls.
• Communicate technology risks and mitigation strategies to relevant stakeholders ensuring transparency and alignment.

Technology Compliance and Assurance

• Facilitate regulatory engagements which include inspection survey query and ad-hoc requests from regulators related to IT division.
• Lead organisational self-assessments against technology and security related regulatory notices circulars guidelines and advisories.
• Coordinate external/internal audits and cybersecurity maturity assessment related to IT division.

IT Access Review

• Drive enterprise access review activities including roles to entitlements review segregation of duties rules review user access review.
• Drive the user administration activities review and SAP log review.

Specialised Areas Governance

• Support enterprise-wide risk and compliance initiatives for the Technology division in specialised areas under information security such as IAM cloud security application security data security AI security etc.
• Promote information security best practices and continuous improvement.
• Champion ongoing staff learning and development on cybersecurity and technology risk domains.

Requirements:

• Degree or Diploma in Computer Science Information Technology or related field.
• Minimum 10 years experience in cybersecurity governance risk monitoring audit response and compliance assessments.
• 2 - 4 years of team leading experience and managing teams of 8-10 members.
• Proven experience leading IT audits and regulatory inspections
• Background in financial industry big tech or established auditing firms preferred.
• Strong knowledge of MAS Technology Risk Management Cyber Hygiene Outsourcing and Business Continuity Management requirements.
• Familiarity with control frameworks (COBIT NIST CSF ISO 27001).
• Practitioner and holder of IT risk certifications (CISA CRISC CISSP).
• Proficiency in office productivity tools and business intelligence platforms (Microsoft Office PowerBI Archer Tableau).
• Demonstrated ability to analyse risk and control issues challenge the status quo and drive pragmatic solutions.
• Track record in developing and driving information security awareness programs.
• Excellent interpersonal coordination communication presentation and writing skills.
• Meticulous independent and collaborative work style.