IT Governance Manager

The NETS Group is a leading payments services group, enabling digital payments for merchants, consumers and banks across the entire payments value chain. 

The Group operates Singapore's national debit scheme enabling customers of DBS Bank/POSB, HSBC, Maybank, OCBC Bank, Standard Chartered Bank and UOB to make payments using their ATM cards or mobile devices at more than 130,000 acceptance points in the country as well as online payments.

The IT Governance Manager is part of the Risk Management line 1.5 defense, working with IT risk owners to ensure controls are effective and managed. The individual will be the primary interface for IT in all IT Audits and Governance matters, supporting the CIO to manage and respond to internal/external audit, MAS inspection requests and queries; and its follow-up action.

This role works closely with first, second and third lines-of-defence, and acting as an intermediary, advisor to the business stakeholders on matters related on Audit, Governance and Compliance (internal policy compliance & Regulatory compliance) to ensure risk are identified timely, managed and mitigated adequately.

Primary Job Responsibilities

IT Risk and Process Compliance

• Responsible for the management of testing and enforcement of Technology and Cyber related policies, processes and procedures.
• Execute policies, processes and procedures to facilitate effective IT and cyber related-risk Process and Control arising from Audit Findings or Process improvement maturity
• Advise on sound IT and cyber risk management matters, changes to MAS guidelines and notices, through timely updates to Senior Management
• Proactively engage in establishing IT Risk awareness within Technology aligning with the organization risk posture
• Partner and work with internal stakeholders to review, identify, streamline and implement process improvements with regards to IT and cyber risk management
• Reference to regulator's notices, circulares and guidelines (such as, TRM, Cyber Hygiene) to assess risk and gaps, and work with Line 2 and Security to improve policies and processes to mitigate risks, minimize their impact to operations

• Prepare and provide data for risk analysis and reporting.

• Communicate and provide guidance of new IT policies and standards to relevant stakeholders.

• Ability to innovate and automate as required.

IT Audit Management

• Manage IT related audits, regulatory inspections. Review the audit findings with key stakeholders to determine audit findings root cause, formulate action plans accordingly and verify remedial solutions for closure
• Laision for IT audits, Risk and Compliance activities and providing support to business audits that have IT involvement.
• Manage IT audit lifecycle from start to end (eg kick off meeting, RFI, fieldwork, reporting and closure of audit findings).

Requirements:

• Minimum 8 years of experience in risk with at least 5 years of experience specifically handling IT audits, risk and compliance, in a IT control function (preferably from financial/banking/payment industry)
• Open to candidates with experience in IT governance, IT audit, IT regulatory compliance who are keen to explore a career in IT risk management
• Strong knowledge of regulatory requirements and industry practices (e.g. NIST framework, MAS TRM Guidelines, MAS Cyber Hygiene, ISO 27001 standard)
• Experience in facing external auditors and statutory regulator such as MAS
• Strong writing, communication and inter‐personal skills
• Attention to details, with the ability to thoroughly and accurately review IT policies, process and audit responses.

Network for Electronic Transfers (Singapore) Pte Ltd.