ead, IT Governance, Risk and Compliance

We are seeking an experienced Lead, IT Governance, Risk and Compliance to lead our Income Insurance Line 1 Technology GRC function. This role reports to the Head of IT Risk and Security and acts as a key communicator across technical and non-technical audiences, including Technology Risk Oversight, Audit, Executive Committee, Board, and Regulators. The successful candidate will mentor a team of GRC professionals, guiding them through scheduled and ad-hoc inspections and audits, and leveraging deep governance expertise to ensure robust control environments. IT Governance and Security Awareness Review and update internal IT policies/standards; communicate changes of internal policies/standards to staff and stakeholders. Develop and deliver cybersecurity training for staff, management, board of directors, agents and vendors. Track and manage deviations from IT policies and standards. Report on key information security risk metrics, including policy deviations and third-party assessments. Present technology and security risk updates to management and board committees. Technology Risk Management Lead regular risk assessments and continuous monitoring of technology risks, including emerging threats and new technologies. Manage technology risks related to third-party service providers and business partners. Oversee IT Risk Control Self-Assessment and Control Testing to evaluate the design and operating effectiveness of key controls. Communicate technology risks and mitigation strategies to relevant stakeholders, ensuring transparency and alignment. Technology Compliance and Assurance Facilitate regulatory engagements which include inspection, survey, query and ad-hoc requests from regulators related to IT division. Lead organisational self-assessments against technology and security related regulatory notices, circulars, guidelines and advisories. Coordinate external/internal audits and cybersecurity maturity assessment related to IT division. IT Access Review Drive enterprise access review activities, including roles to entitlements review, segregation of duties rules review, user access review. Drive the user administration activities review and SAP log review. Specialised Areas Governance Support enterprise-wide risk and compliance initiatives for the Technology division in specialised areas under information security, such as IAM, cloud security, application security, data security, AI security, etc. Promote information security best practices and continuous improvement. Champion ongoing staff learning and development on cybersecurity and technology risk domains. Requirements Degree or Diploma in Computer Science, Information Technology, or related field. Minimum 10 years' experience in cybersecurity governance, risk monitoring, audit response, and compliance assessments. 2 - 4 years of team leading experience and managing teams of 8-10 members. Proven experience leading IT audits and regulatory inspections Background in financial industry, big tech or established auditing firms preferred. Strong knowledge of MAS Technology Risk Management, Cyber Hygiene, Outsourcing, and Business Continuity Management requirements. Familiarity with control frameworks (COBIT, NIST CSF, ISO 27001). Practitioner and holder of IT risk certifications (CISA, CRISC, CISSP). Proficiency in office productivity tools and business intelligence platforms (Microsoft Office, PowerBI, Archer, Tableau). Demonstrated ability to analyse risk and control issues, challenge the status quo, and drive pragmatic solutions. Track record in developing and driving information security awareness programs. Excellent interpersonal, coordination, communication, presentation, and writing skills. Meticulous, independent, and collaborative work style. #J-18808-Ljbffr