INCOME INSURANCE LIMITED

Lead, IT Governance, Risk and Compliance

10-12 Years
SGD 10,000 - 16,000 per month
  • Posted 13 days ago

Job Description

We are seeking an experienced Lead, IT Governance, Risk and Compliance to lead our Income Insurance Line 1 Technology GRC function. This role reports to the Head of IT Risk and Security and acts as a key communicator across technical and non-technical audiences, including Technology Risk Oversight, Audit, Executive Committee, Board, and Regulators. The successful candidate will mentor a team of GRC professionals, guiding them through scheduled and ad-hoc inspections and audits, and leveraging deep governance expertise to ensure robust control environments.

IT Governance and Security Awareness

  • Review and update internal IT policies/standards, and communicate changes to internal policies/standards to staff and stakeholders.
  • Develop and deliver cybersecurity training for staff, management, board of directors, agents and vendors.
  • Track and manage deviations from IT policies and standards.
  • Report on key information security risk metrics, including policy deviations and third-party assessments.
  • Present technology and security risk updates to management and board committees.

Technology Risk Management

  • Lead regular risk assessments and continuous monitoring of technology risks, including emerging threats and new technologies.
  • Manage technology risks related to third-party service providers and business partners.
  • Oversee IT Risk Control Self-Assessment and Control Testing to evaluate the design and operating effectiveness of key controls.
  • Communicate technology risks and mitigation strategies to relevant stakeholders, ensuring transparency and alignment.

Technology Compliance and Assurance

  • Facilitate regulatory engagements, including inspections, surveys, queries and ad-hoc requests from regulators related to the IT division.
  • Lead organisational self-assessments against technology and security related regulatory notices, circulars, guidelines and advisories.
  • Coordinate external/internal audits and cybersecurity maturity assessments related to the IT division.

IT Access Review

  • Drive enterprise access review activities, including roles-to-entitlements review, segregation of duties rules review, and user access review.
  • Drive the review of user administration activities and the SAP log review.

Specialised Areas Governance

  • Support enterprise-wide risk and compliance initiatives for the Technology division in specialised areas under information security, such as IAM, cloud security, application security, data security, AI security, etc.
  • Promote information security best practices and continuous improvement.
  • Champion ongoing staff learning and development on cybersecurity and technology risk domains.

Requirements:

  • Degree or Diploma in Computer Science, Information Technology, or related field.
  • Minimum 10 years' experience in cybersecurity governance, risk monitoring, audit response, and compliance assessments.
  • 2 - 4 years of team leading experience and managing teams of 8-10 members.
  • Proven experience leading IT audits and regulatory inspections.
  • Background in financial industry, big tech or established auditing firms preferred.
  • Strong knowledge of MAS Technology Risk Management, Cyber Hygiene, Outsourcing, and Business Continuity Management requirements.
  • Familiarity with control frameworks (COBIT, NIST CSF, ISO 27001).
  • Practitioner and holder of IT risk certifications (CISA, CRISC, CISSP).
  • Proficiency in office productivity tools and business intelligence platforms (Microsoft Office, PowerBI, Archer, Tableau).
  • Demonstrated ability to analyse risk and control issues, challenge the status quo, and drive pragmatic solutions.
  • Track record in developing and driving information security awareness programs.
  • Excellent interpersonal, coordination, communication, presentation, and writing skills.
  • Meticulous, independent, and collaborative work style.

Job ID: 133358193