IT Risk and Governance Specialist

As the IT Governance and Risk Specialist, you will play a key part of the 1.5 line of defense, and responsible for developing, implementing, and maintaining the IT governance framework and risk management processes across the organization. This role involves ensuring that IT operations align with business objectives, regulatory requirements, and industry best practices while effectively managing and mitigating IT-related risks.

Key Responsibilities:

• Act as the primary contact for risk, audit, and regulatory issues, collaborating with the first, second, and third lines of defense.
• Partner with the second line of defense to drive and implement strategic initiatives aimed at enhancing the firm’s technology risk management capabilities and adherence to industry best practices and regulatory standards.
• Use the firm’s risk management framework tools to identify, escalate, and manage emerging technology risks, including risk event management, reporting, and action plan tracking.
• Provide expert advice to stakeholders on IT and cybersecurity obligations, ensuring compliance and facilitating effective outcomes.
• Coordinate with various teams to conduct regulatory and IT compliance self-assessments, risk awareness training, and risk and control self-assessment (RCSA) testing.
• Work with internal stakeholders to review and streamline processes related to IT and cybersecurity risk management.
• Oversee IT-related audits and regulatory inspections, including meetings and information requests. Review audit findings with stakeholders to develop and verify action plans for remediation.
• Communicate new IT-related policies and standards to relevant stakeholders and provide guidance on IT and cybersecurity risk management matters.
• Prepare periodic and ad-hoc regulatory and management reports. Demonstrate the ability to innovate, automate, and strategize as needed.

Requirements:

• Bachelors degree in Computer Science, Information Technology, or a related field.
• Min 5 years of experience in IT governance, risk management, or compliance.
• Ability to demonstrate deep technical expertise/knowledge in IT cyber operations, payment infrastructure or related are preferred.
• Strong knowledge of IT governance frameworks (e.g., COBIT, ITIL), risk management methodologies, regulatory and legal requirements, and industry practice (MAS TRM/TRMG/ NIST framework/ PS Act etc.)
• Certifications such as CGEIT, CISA, CISM, CISSP, CRISC is an advantage.