IT Governance Specalist

Position Summary:

The IT Governance Specialist, as a 1.5 line of defense, is responsible for defining, formulating, governing, reporting and controlling of the IT and cyber risk (Information Security) related frameworks, policies, processes and procedures for the organisation. The incumbent plays a control function and works closely with the first, second and third lines of defense. The incumbent will be an intermediary, advisor and domain expert to the business stakeholders on IT and cyber security matters.

Responsibilities:

• Interface with the second and third lines of defense and will be the single point of contact (working with first line) for all risk, audit and regulatory related matters.
• Collaborate with second line of defense to implement and drive strategic initiatives to enhance the firm's technology risk management capabilities and awareness, in line with industry best practices and the firm's standards and regulatory requirements.
• Identify and escalate emerging and upstream technology risks through execution of the Firm’s risk management framework tools, including risk event management, reporting, and action plan tracking.
• Provide advisory to stakeholders and constituents regarding their IT/security obligations, facilitating acceptable outcomes.
• Liaise with diverse teams to drive and conduct regulatory and IT compliance self-assessment programmes, risk awareness trainings and so on.
• Liaise with diverse teams to perform risk and control self-assessment (RCSA) testing, gathering and validating KRIs, dealing with incidents, availability management, etc.
• Partner and work with internal stakeholders to review, identify, streamline and implement process improvements with regards to IT and cyber risk management.
• Manage IT related audits, regulatory inspections (including regulatory meeting and request for information).
• Review audit findings with key stakeholders to determine action plans and verify remedial solutions for closure.
• Communicate and provide guidance of new IT related policies, standards to relevant stakeholders.
• Provide advice on IT and cyber risk management matters as required.
• Prepare ad-hoc and periodic regulatory and management reports
• Ability to innovate, automate and strategise as required.

Requirements

• At least 7 years of experience in IT Governance or risk management with 3 to 5 years of relevant experience specifically in IT Governance and/or Risk management.
• Candidates from financial/payment industry and familiar with MAS & CCOP regulatory requirements or equivalent are preferred.
• Candidates with experience in IT/Cyber operations/governance/audit/regulatory compliance who are keen to explore a career in IT Governance and risk management are welcomed to apply.
• Strong knowledge of regulatory requirements, IT Governance practices, operations risk management processes and industry trends/practices (e.g. NIST framework, MAS requirements, ISO 27001 standard, PS Act, etc.).
• Certifications such as CGEIT, CISA, CISM, CISSP, CRISC or any relevant certification is an advantage.
• Good project management, time management and problem-solving skills.
• An eye for details, and able to work well under pressure and respond to tight deadlines.
• Proactive team player and able to work independently with minimal supervision.
• Good communication, presentation and business writing skills.