AVPVP, Information & Technology Risk Manager (Third-Party & AI Supply Chain Risk Oversight)

Location:Singapore

Job Function:Risk & Performance Management Department

Job Type:Permanent

Req ID:16967

GIC is one of the worlds largest sovereign wealth funds. With over 2000 employees across 11 locations around the world we invest in more than 40 countries globally across asset classes and businesses. Working at GIC gives you exposure to an extraordinary network of the worlds industry leaders. As a leading global long-term investor we Work at the Point of Impact for Singapores financial future and the communities we invest in worldwide.

Risk and Performance Management Department (RPMD)
We work collaboratively across teams to help guard against blind spots and ensure that all relevant risks are considered and duly addressed.

Information & Technology Risk Management

You will be a part of a team that independently protects the firms information technology assets including business data from external threats and operational risks while supporting the firms digitalisation journey in a secure manner.

What will you do as an AVP/VP Information & Technology Risk Manager

As an Information & Technology Risk Manager (Third-Party & AI Supply Chain Risk Oversight) in GIC you will operate as part of the Second Line of Defence (2LOD) providing independent oversight assurance and challenge over technology risk management activities across GIC.

You will bring deep expertise in technology risk management with a focus on third-party (supply chain) and AI supply chain risks. The role ensures that technology and vendor-related risks are effectively identified assessed and managed in alignment with GICs risk appetite regulatory expectations and industry best practices.

Third-Party Risk Oversight

• Oversee third-party and outsourcing risk management activities ensuring compliance with GICs frameworks and regulatory requirements.
• Review vendor risk assessments and due diligence results for key technology service providers (e.g. cloud SaaS managed services).
• Assess the adequacy of third-party control environments covering cybersecurity data protection and operational resilience.
• Monitor concentration risks subcontractor dependencies and systemic vulnerabilities within the technology supply chain.
• Support the development of third-party risk metrics and dashboards for management reporting.

AI Supply Chain Risk Oversight

• Oversee AI supply chain risk management focusing on risks from third-party AI models datasets and platforms.
• Review AI vendor assessments to ensure model provenance data lineage and intellectual property rights are validated.
• Evaluate third-party AI providers for risks related to data integrity bias explainability and security vulnerabilities.
• Assess dependencies on external AI APIs model marketplaces and open-source components ensuring appropriate governance and control.
• Monitor emerging AI supply chain risks such as model poisoning data manipulation and systemic vulnerabilities in shared AI infrastructure.

Technology Risk Oversight

• Provide independent oversight of technology risk management activities performed by the First Line of Defence (1LOD).
• Review and challenge risk assessments control testing and remediation plans across key technology domains including cloud infrastructure cybersecurity and data management.
• Contribute to the enhancement of GICs technology risk frameworks policies and standards.
• Advise on emerging technology risks and control expectations ensuring alignment with regulatory and industry standards.

Independent Oversight and Assurance

• Conduct thematic and targeted reviews to assess the adequacy and effectiveness of technology third-party and AI supply chain controls.
• Provide independent oversight to 1LOD risk assessments and mitigation strategies.
• Partner with internal audit and other assurance functions to ensure comprehensive coverage of technology risk areas.
• Report key risk exposures control weaknesses and emerging issues to senior management and governance committees.

Incident Oversight and Continuous Improvement

• Oversee significant third-party or AI-related incidents ensuring proper escalation root cause analysis and remediation follow-up.
• Ensure lessons learned are embedded into risk management practices.
• Stay abreast of evolving regulatory expectations and industry developments in technology third-party and AI risk management.
• Drive continuous improvement in oversight practices and promote a strong risk culture across technology and business teams.

What qualifications or skills should you possess in this role

• Minimally 5 years of experience in technology risk management assurance or audit functions preferably within financial institutions or regulated environments.
• Deep expertise in technology risk management with strong understanding of control frameworks risk methodologies and emerging technology domains.
• Proven experience in third-party risk management outsourcing controls and vendor governance.
• Familiarity with AI and ML technologies particularly risks associated with AI supply chains model governance and data sourcing.
• Strong understanding of regulatory expectations and frameworks (e.g. MAS TRM MAS Outsourcing Guidelines HKMA ISO 27036 NIST AI RMF EU AI Act).
• Excellent analytical communication and stakeholder management skills with the ability to influence senior management and technical teams.
• Strong organizational and problem-solving skills with the ability to manage multiple priorities in a dynamic environment.
• Commitment to continuous learning and staying current with evolving technology and AI risk landscapes.

Work at the Point of Impact
We need to be forward-looking to attract the right people to help us become the Leading Global Long-term Investor. Join our ambitious agile and diverse teams - be empowered to push boundaries and pursue innovative ideas share your views and be anchored on our PRIME Values: Prudence Respect Integrity Merit and Excellence which guides us in how we make our day-to-day decisions. We strive to inspire. To make an impact.

Flexibility at GIC
At GIC our offices are vibrant hubs for ideation professional growth and interpersonal connection. At the same time we believe that flexibility allows us to do our best work and be our best selves. Thus our teams come into the office four days per week to harness the benefits of in-person collaboration but have the flexibility to choose which days they work from home and adjust this arrangement as situational needs arise.

GIC is an equal opportunity employer
As an employer we passionately believe every individual brings with them unique diversity of thought and perspectives to meaningfully enrich perspectives of GIC teams to drive competitive performance. An inclusive environment yields exceptional contribution.

Learn more about our Risk & Performance Management Department here:

Experience:

Exec