IT Internal Governance and Regulatory Advisory Principal Specialist Sg

**Responsibilities**:
Strategy and Planning
- Promote the value and importance of effective IT Governance and assurance on all IT systems which serve SG Branch
- Lead the implementation of IT Governance and assurance framework strategy throughout SG Branch IT, where required.

Regulatory Compliance
- Monitor and report risk indicators / measures, and ensure timely escalation of the department’s operational risk events with mitigating actions to stakeholders and risk committees
- Proactively identify, assess and evaluate potential risks for the department to reduce likelihood and impact of occurrence in line with risk appetite
- Conduct self-assessments to identify and address control weaknesses and potential risks associated with new business initiatives, process changes and new product or services for the department
- Establish and implement controls, assurance and validations to manage risks for the department
- Ensure IT policies, procedures and SOPs are updated and aligned with the Bank’s risk framework and policies
- Perform regulatory gap analysis for new or revised regulatory guidelines impacting IT department, ensuring adequate risk and control are put in place for regulatory compliance
- Manage and address regulatory expectations, including audit examinations and queries
- Champion Risk & Compliance culture #, and provide relevant risk and compliance updates / training / guidance within IT department
- Ensure timely assessment, escalation and resolution of operational risk event to minimize potential losses
- Conduct deep-dive investigation, identify root causes with mitigating controls from learnings through post-incident to prevent recurrence
- Provide training and briefing to bank staff on IT governance policies and processes, and technology regulatory requirements, where required.
- Maintain registers on IT SOPs, risks, audit findings, non-compliances and formulate IT Risk management reports
- Develops / maintains Technology governance SOPs as needed
- POC for internal and external audits, and follow up on audit issues to ensure implementation of remediations
- Liaison with regulators on technology compliance matters.
- Assist business units on related legislation, regulatory and standards affecting IT Third Party Risk Management of the Bank
- Work with stakeholders to assist in the development and implementation of IT Third Party Risk compliance controls
- Validating Data Leakage Prevention & Privileged ID Review samples
- Assist Head IT Governance in all ITD Management Governance Meetings to contribute effectively as an SME to help the team in identifying risks, treating the risk, tracking and reporting.
- Deputise for Head IT Governance as ITD POC for all Risk Management on IT Risk related topics.Specialise in specific Risk domains such as Business Risk, Data Risk, Third-party Risk, Business Continuity and/or Project Management Assurance as assigned.

**Requirements**:

- Bachelor’s degree in computer science or its equivalent
- Relevant qualifications in MAS Technology Risk Management Guidelines, Business Continuity Management Guidelines, Outsourcing Guidelines & associated notices (658, FSM-N05, FSM-N06, etc), Personal Data Protection Act (2020) & Guidelines, and Cloud Governance (Based on AWS Best practices Pillars and NIST).
- Minimum 7 years working experience in Technology Governance
- Strong track record in technology risk management, preferably in a banking environment.
- Good leadership qualities.
- Able to engage stakeholders and develop options for them.
- Highly result oriented and can work independently.
- Ability to build relationship and interact effectively with internal and external parties.
- Good analytical, technical, written and verbal communication skills.
- Technology and operational risk management leadership.
- Risk management policy development.
- Technology outsourcing & risk gap assessments.
- Expert in analytical skills and able to make decisions, exhibit sound and accurate judgment when tackling challenges
- Mentor, train and advise colleagues
- Consistently consume and contribute to documentation to ensure up to date relevant body of knowledge that will directly ensure work is done correctly and completely
- Exposure/experience in other Technology areas outside of risk management, especially Cloud-related.