IT Governance, Risk and Compliance Manager

Responsibilities Review and update internal IT policies/standards; communicate changes of internal policies/standards to staff and stakeholders. Develop and deliver cybersecurity training for staff, management, board of directors, agents and vendors. Track and manage deviations from IT policies and standards. Report on key information security risk metrics, including policy deviations and third-party assessments. Present technology and security risk updates to management and board committees. IT Governance and Security Awareness Lead regular risk assessments and continuous monitoring of technology risks, including emerging threats and new technologies. Manage technology risks related to third-party service providers and business partners. Oversee IT Risk Control Self-Assessment and Control Testing to evaluate the design and operating effectiveness of key controls. Communicate technology risks and mitigation strategies to relevant stakeholders, ensuring transparency and alignment. Technology Risk Management Facilitate regulatory engagements which include inspection, survey, query and ad-hoc requests from regulators related to IT division. Lead organisational self-assessments against technology and security related regulatory notices, circulars, guidelines and advisories. Coordinate external/internal audits and cybersecurity maturity assessment related to IT division. Technology Compliance and Assurance Drive enterprise access review activities, including roles to entitlements review, segregation of duties rules review, user access review. Drive the user administration activities review and SAP log review. IT Access Review Support enterprise-wide risk and compliance initiatives for the Technology division in specialised areas under information security, such as IAM, cloud security, application security, data security, AI security, etc. > Promote information security best practices and continuous improvement. Champion ongoing staff learning and development on cybersecurity and technology risk domains. Specialised Areas Governance Degree or Diploma in Computer Science, Information Technology, or related field. Minimum 10 years' experience in cybersecurity governance, risk monitoring, audit response, and compliance assessments. 2 - 4 years of team leading experience and managing teams of 8-10 members. Proven experience leading IT audits and regulatory inspections. Background in financial industry, big tech or established auditing firms preferred. Strong knowledge of MAS Technology Risk Management, Cyber Hygiene, Outsourcing, and Business Continuity Management requirements. Familiarity with control frameworks (COBIT, NIST CSF, ISO 27001). Practitioner and holder of IT risk certifications (CISA, CRISC, CISSP). Proficiency in office productivity tools and business intelligence platforms (Microsoft Office, PowerBI, Archer, Tableau). Demonstrated ability to analyse risk and control issues, challenge the status quo, and drive pragmatic solutions. Track record in developing and driving information security awareness programs. Excellent interpersonal, coordination, communication, presentation, and writing skills. Meticulous, independent, and collaborative work style. Requirements Degree or Diploma in Computer Science, Information Technology, or related field. Minimum 10 years' experience in cybersecurity governance, risk monitoring, audit response, and compliance assessments. 2 - 4 years of team leading experience and managing teams of 8-10 members. Proven experience leading IT audits and regulatory inspections. Background in financial industry, big tech or established auditing firms preferred. Strong knowledge of MAS Technology Risk Management, Cyber Hygiene, Outsourcing, and Business Continuity Management requirements. Familiarity with control frameworks (COBIT, NIST CSF, ISO 27001). Practitioner and holder of IT risk certifications (CISA, CRISC, CISSP). Proficiency in office productivity tools and business intelligence platforms (Microsoft Office, PowerBI, Archer, Tableau). Demonstrated ability to analyse risk and control issues, challenge the status quo, and drive pragmatic solutions. Track record in developing and driving information security awareness programs. Excellent interpersonal, coordination, communication, presentation, and writing skills. Meticulous, independent, and collaborative work style. #J-18808-Ljbffr