Senior Internal Audit Manager (Payments - Banking - Crypto)

Senior Internal Audit Manager (Payments - Banking - Crypto)

Our client is a leading payments infrastructure brand in Singapore.

The Head of Internal Audit will establish, lead, and manage Group Internal Audit function, providing independent, risk-based assurance over the Group's internal controls, governance framework, regulatory compliance and risk management processes across all licensed entities.

The role requires deep familiarity with MAS supervisory expectations, particularly for payment institutions and DPT service providers, and the capability to translate those expectations into a practical, proportionate, and credible audit programme across a fast-growing, multi-jurisdictional fintech.

KEY RESPONSIBILITIES

A) Establish and Lead the Group Internal Audit Function

• Design and implement a Group Internal Audit Charter, approved by the Board, defining scope, authority, independence, reporting lines and operational standards in line with MAS Guidelines on Internal Audit and IIA Standards
• Build and maintain a risk-based Annual Audit Plan covering all material risk domains across all Group entities
• Serve as the primary point of accountability for all internal audit deliverables — including audit reports, management action tracking and Board-level reporting
• Establish audit methodology, working paper standards, quality assurance processes and audit committee reporting templates

B) MAS-Specific and Singapore Regulatory Audit

• Lead the annual independent AML/CFT audit mandated under MAS Notice PSN02, covering the full AML/CFT programme including policies, controls, transaction monitoring, customer due diligence and sanctions screening
• Conduct or oversee audits of all MAS-regulated activities under the PS Act, including safeguarding obligations (PSN01), technology risk management (MAS TRM Guidelines), and outsourcing controls (MAS Outsourcing Guidelines)
• Audit the Group's DPT controls framework ahead of and following licence variation approval, including custody solution architecture, wallet controls, and DPT-specific AML/CFT procedures
• Ensure audit findings and management responses are presented to the Board / Independent Director and are available to MAS upon request
• Interface directly with MAS as needed, including in the context of inspections, supervisory engagements, or regulatory requests for audit-related information

C) Global Internal Audit Coverage

• Manage internal audit across the Group licensed entities including Canada (FINTRAC MSB/VASP), UAE (CBUAE), US MSB, and future licences in the UK, EU, Australia and Asia
• Understand and apply jurisdiction-specific audit requirements (e.g., FINTRAC Part 1 and Part 2 compliance testing, CBUAE AML requirements) and identify gaps between those requirements and MAS PSN02
• Coordinate with local compliance officers and external co-sourced auditors in each jurisdiction to ensure consistent coverage standards and consolidated Group reporting
• Maintain a Group-wide audit universe and risk register, updated at least annually, to reflect the evolving risk profile of the business

D) Governance, Risk and Control Assurance

• Audit the adequacy and effectiveness of governance framework including Board-level oversight, delegated authority structures, conflict of interest management and policy compliance
• Review the Group's Enterprise-Wide Risk Assessment (EWRA) process and provide independent assurance over risk identification, rating and mitigation adequacy
• Assess the effectiveness of operational and technology controls including IT general controls, access management, change management, business continuity and incident management
• Audit the Group's outsourcing and third-party risk management framework, including intra-group service arrangements and oversight of India-based execution teams
• Provide assurance over fraud risk controls and payments integrity framework, including transaction monitoring design and effectiveness

E) Board Reporting and Independence

• Report functionally to the Board through the Independent Non-Executive Director, with full and unrestricted access to all records, personnel and systems necessary to discharge audit responsibilities
• Present findings, risk ratings and management action plans to the Board on at least a quarterly basis; present the full Annual Audit Plan and year-end results to the Board annually
• Maintain independence from all business, compliance and operational functions; escalate any threats to independence to the Board immediately
• Track and validate management's remediation of all audit findings and report overdue or re-opened items to the Board with appropriate escalation

CANDIDATE PROFILE

Experience

• 10–15+ years in internal audit, with at least 5 years in a senior audit leadership role within a MAS-regulated financial institution (bank, payment institution, digital asset firm, or equivalent)
• Direct experience auditing AML/CFT programmes under MAS Notice PSN02 or equivalent — ideally including a payment institution or DPT service provider context
• Familiarity with the MAS Guidelines on Internal Audit, MAS TRM Guidelines, MAS Outsourcing Guidelines, and the Payment Services Act 2019
• Experience managing or co-ordinating internal audit across multiple regulated jurisdictions; FINTRAC, CBUAE or FCA experience a strong advantage
• Prior experience either building an internal audit function from scratch or significantly transforming an existing one in a fast-growing or complex regulated entity
• Background in external audit of financial institutions (Big 4 or equivalent) is highly valued, particularly if combined with in-house regulatory audit experience

Technical Competencies

• Deep knowledge of MAS's regulatory framework for payment institutions: PS Act, PSN01, PSN02, PSN07, PS-G01 and the MAS internal audit guidelines
• Strong understanding of AML/CFT risk, transaction monitoring design, sanctions compliance, and the risk-based approach under FATF standards
• Working knowledge of technology and cyber risk auditing, including IT general controls, cloud infrastructure, and digital asset custody systems
• Familiarity with DPT / digital asset regulatory frameworks and the specific audit risks associated with DPT service providers
• Proficiency with audit management methodologies and tools; IIA Standards (IPPF) certification or equivalent strongly preferred