AVP, Information & Technology Risk Manager (Control Assurance & Enablement)

Location:Singapore

Job Function:Risk & Performance Management Department

Job Type:Permanent

Req ID:16966

GIC is one of the worlds largest sovereign wealth funds. With over 2000 employees across 11 locations around the world we invest in more than 40 countries globally across asset classes and businesses. Working at GIC gives you exposure to an extraordinary network of the worlds industry leaders. As a leading global long-term investor we Work at the Point of Impact for Singapores financial future and the communities we invest in worldwide.

Risk and Performance Management Department (RPMD)
We work collaboratively across teams to help guard against blind spots and ensure that all relevant risks are considered and duly addressed.

Information & Technology Risk Management

You will be a part of a team that independently protects the firms information technology assets including business data from external threats and operational risks while supporting the firms digitalisation journey in a secure manner.

What will you do as an VP Information & Technology Risk Manager

As an Assistant Vice President Information & Technology Risk Manager (Control Assurance & Enablement) you will operate as part of GICs Information & Technology Risk Management (ITRM) team on the Second Line of Defence (2LOD) providing independent assurance and oversight of control effectiveness across GICs technology and operational risk landscape.

You will be responsible for designing and executing control testing programs conducting thematic reviews and assessing the adequacy of control design and effectiveness against Operational Risk Self Assessments (ORSA). The role requires strong analytical capability sound judgment and the ability to translate assurance findings into actionable insights that strengthen GICs overall control environment.

Control Testing and Assurance

• Develop and execute independent control testing to review the design and operating effectiveness of key controls and processes across technology information and cybersecurity risk domains including Artificial Intelligence (AI).
• Perform end-to-end control testing across areas such as cybersecurity IT infrastructure data management AI and information risk.
• Validate the adequacy of control evidence identify control gaps and assess residual risk.
• Ensure testing methodologies align with internal policies regulatory expectations and industry standards.
• Maintain comprehensive documentation of test plans results and conclusions in accordance with audit-quality standards.

Thematic Reviews and ORSA Control Validation

• Conduct thematic reviews on key risk areas to identify systemic control weaknesses emerging risks and opportunities for improvement.
• Review and provide oversight to the assessments performed by the First Line of Defence (1LOD) as part of the ORSA process.
• Evaluate the consistency completeness and accuracy of ORSA results ensuring alignment with GICs risk appetite and control framework.
• Provide independent assurance on the robustness of control self-assessments and the adequacy of risk mitigation measures.

Risk Oversight and Governance

• Provide independent oversight to 1LOD risk assessments control testing and remediation plans.
• Support the identification of key risk themes and control trends through data analysis and cross-functional insights.
• Partner with internal audit and other assurance functions to ensure coordinated coverage and avoid duplication of effort.

• Contribute to the development and enhancement of control testing frameworks methodologies and reporting templates.
• Prepare assurance reports and dashboards summarizing testing results thematic findings and key observations for management and governance committees.
• Support continuous improvement of risk and control assurance processes through automation data analytics and continuous monitoring techniques.

Continuous Improvement and Risk Culture

• Stay abreast of evolving regulatory expectations technology risk trends and control assurance practices.
• Recommend enhancements to control frameworks and testing approaches based on lessons learned and industry developments.
• Promote a strong risk and control culture through engagement awareness and training initiatives.
• Contribute to the maturity of the 2LOD assurance function by driving consistency efficiency and insight in testing and review activities.

What qualifications or skills should you possess in this role

• Minimally 5 years of experience in technology/cybersecurity control assurance or audit functions preferably within financial institutions or regulated environments.
• Strong understanding of control frameworks (e.g. COSO COBIT ISO 27001 NIST) and risk management methodologies.
• Hands-on experience in control testing control design evaluation and issue validation.
• Experience conducting thematic reviews and assessing control effectiveness against ORSA or equivalent self-assessment frameworks.
• Familiarity with technology and operational risk domains such as cybersecurity IT infrastructure data security and third-party risk.
• Strong analytical and problem-solving skills with the ability to identify root causes and recommend pragmatic solutions.
• Excellent communication and stakeholder management skills with the ability to articulate control issues and influence remediation outcomes.
• Proficiency in using data analytics or automation tools for control testing is a strong advantage.
• Professional certifications such as CISA CRISC CISSP or equivalent are preferred.
  
  

Work at the Point of Impact
We need to be forward-looking to attract the right people to help us become the Leading Global Long-term Investor. Join our ambitious agile and diverse teams - be empowered to push boundaries and pursue innovative ideas share your views and be anchored on our PRIME Values: Prudence Respect Integrity Merit and Excellence which guides us in how we make our day-to-day decisions. We strive to inspire. To make an impact.

Flexibility at GIC
At GIC our offices are vibrant hubs for ideation professional growth and interpersonal connection. At the same time we believe that flexibility allows us to do our best work and be our best selves. Thus our teams come into the office four days per week to harness the benefits of in-person collaboration but have the flexibility to choose which days they work from home and adjust this arrangement as situational needs arise.

GIC is an equal opportunity employer
As an employer we passionately believe every individual brings with them unique diversity of thought and perspectives to meaningfully enrich perspectives of GIC teams to drive competitive performance. An inclusive environment yields exceptional contribution.

Learn more about our Risk & Performance Management Department here:

Experience:

Manager