About the Role
We are seeking a meticulous and experienced IT Auditor to lead and support assessments related to IT governance, technology risk, cybersecurity controls, and regulatory compliance within the financial services sector in Singapore. This role requires strong hands-on experience in evaluating systems and controls aligned with MAS Technology Risk Management (TRM) requirements and globally recognized security frameworks.
Key Responsibilities
1. Basel Application Review
- Perform reviews of IT systems supporting Basel-related processes.
- Assess alignment with applicable regulatory requirements and industry best practices.
2. MEPS+ Security Compliance
- Lead independent assessments to validate MEPS+ security compliance.
- Evaluate control adequacy, risk mitigation effectiveness, and adherence to MAS requirements.
3. SWIFT CSCF Assessment
- Conduct reviews in accordance with the SWIFT Customer Security Controls Framework (CSCF).
- Identify control deficiencies and recommend enhancements to meet international cybersecurity standards.
4. Regulatory Compliance
- Perform assessments of IT environments against MAS technology risk standards including:
Cyber Hygiene Notice
TRM Notice
TRM Guidelines - Provide actionable recommendations to address compliance gaps and uplift IT control maturity.
5. Reporting & Stakeholder Engagement
- Prepare clear, concise, and well-structured audit reports and documentation.
- Present findings and recommendations to management and relevant stakeholders.
Qualifications & Experience
- Prior experience in IT Audit, Technology Risk, or IT Governance, ideally within a financial institution or consulting environment.
- Proven hands-on exposure in the following areas Basel-related system assessments MEPS and security compliance reviews, SWIFT CSCF compliance assessments
- Strong understanding of Singapore's regulatory landscape for technology risk, particularly MAS TRM requirements and Cyber Hygiene standards.
- Demonstrated ability to perform independent assessments and provide practical improvement recommendations.
- Excellent analytical skills with the ability to communicate complex technical matters to both technical and non-technical audiences.
- Professional certifications such as CISA, CISSP, CRISC, ISO 27001 Lead Auditor, or equivalent are advantageous.
Please refer to U3's Privacy Notice for Job Applicants/Seekers at. When you apply, you voluntarily consent to the collection, use and disclosure of your personal data for recruitment/employment and related purposes.
