Job Openings IT Governance, Risk, Compliance

About the job IT Governance, Risk, Compliance

Key Responsibilities

  • Serve as the primary liaison between first line of defense and second/third lines for all matters related to IT risk, audit, and regulatory compliance

  • Collaborate with risk and compliance teams to implement strategic initiatives that strengthen technology risk management and align with regulatory expectations and industry best practices

  • Identify, assess, and escalate emerging technology risks through the organisation's risk management framework, including incident reporting, risk event tracking, and follow-up action plans

  • Provide expert advisory support to internal stakeholders on IT security and regulatory obligations, ensuring alignment with policies and risk appetite

  • Coordinate and support internal teams in conducting regulatory and compliance self-assessments, risk awareness programs, and training sessions

  • Facilitate activities such as risk and control self-assessments (RCSA), KRI monitoring, incident tracking, and service availability reviews

  • Partner with business and technology teams to streamline and enhance IT risk management processes and governance frameworks

  • Manage end-to-end IT-related audits and regulatory inspections, including preparation of documentation, responses to information requests, and participation in regulatory engagements

  • Work with key stakeholders to review audit findings, define remediation plans, and ensure timely closure of issues

  • Drive communication and awareness of new IT and cyber-related policies and standards across relevant teams

  • Offer subject matter expertise on IT and cyber risk matters and contribute to enterprise-wide risk and control strategies

  • Prepare periodic and ad-hoc reports for senior management and regulators

  • Proactively identify opportunities to innovate, automate, and optimise risk management processes and reporting

Requirements

  • Minimum of 6 years of experience in IT Governance, Risk Management, or a related field

  • Exposure to financial services or regulated industries, with working knowledge of MAS regulations, CCOP, or equivalent regulatory frameworks

  • Background in IT or Cybersecurity operations, governance, compliance, or audit

  • Strong familiarity with frameworks and standards such as NIST, ISO 27001, MAS TRM guidelines, and relevant legislation (e.g., PS Act)

  • Professional certifications such as CGEIT, CISA, CISM, CISSP, CRISC, or equivalent are advantageous

  • Excellent project and time management capabilities, with a proactive problem-solving mindset

  • Detail-oriented, able to handle multiple deadlines and high-pressure environments

  • Strong interpersonal skills, with the ability to work both independently and as part of a team

  • Effective communicator with strong presentation and business writing abilities

  • Solid understanding of control design and process management, capable of conducting in-depth investigations into risk or control issues