Senior IT Governance Specialist/Manager

Position Summary

The IT Governance Specialist, as a 1.5 line of defense, is responsible for defining, formulating, governing, reporting and controlling of the IT and cyber risk (Information Security) related frameworks, policies, processes and procedures for the organisation. The incumbent plays a control function and works closely with the first, second and third lines of defense. The incumbent will be an intermediary, advisor and domain expert to the business stakeholders on IT and cyber security matters.

Key Responsibilities

• Interface with the second and third lines of defense and will be the single point of contact (working with first line) for all risk, audit and regulatory related matters.
• Collaborate with second line of defense to implement and drive strategic initiatives to enhance the firm's technology risk management capabilities and awareness, in line with industry best practices and the firm's standards and regulatory requirements.
• Identify and escalate emerging and upstream technology risks through execution of the Firm’s risk management framework tools, including risk event management, reporting, and action plan tracking.
• Provide advisory to stakeholders and constituents regarding their IT/security obligations, facilitating acceptable outcomes.
• Liaise with diverse teams to drive and conduct regulatory and IT compliance self-assessment programmes, risk awareness trainings and so on.
• Liaise with diverse teams to perform risk and control self-assessment (RCSA) testing, gathering and validating KRIs, dealing with incidents, availability management, etc.
• Partner and work with internal stakeholders to review, identify, streamline and implement process improvements with regards to IT and cyber risk management.
• Manage IT related audits, regulatory inspections (including regulatory meeting and request for information).
• Review audit findings with key stakeholders to determine action plans and verify remedial solutions for closure.
• Communicate and provide guidance of new IT related policies, standards to relevant stakeholders.
• Provide advice on IT and cyber risk management matters as required.
• Prepare ad-hoc and periodic regulatory and management reports.
• Ability to innovate, automate and strategize as required.

Requirement

• At least 7 years of experience in IT Governance or risk management.
• Has worked in the financial or payment industry and is familiar with MAS and CCOP regulatory requirements or equivalent.
• Experience in IT/Cyber operations/governance/audit/regulatory compliance.
• Strong knowledge of regulatory requirements, IT Governance practices, operations risk management processes and industry trends/practices (e.g. NIST framework, MAS requirements, ISO 27001 standard, PS Act, etc.).
• Certifications such as CGEIT, CISA, CISM, CISSP, CRISC or any relevant certification is a plus.
• Good project management, time management and problem-solving skills.
• An eye for details, able to work well under pressure and respond to tight deadlines.
• Team player and able to work independently.
• Good communication, presentation and business writing skills.
• Possess a strong control and process management mindset, able to perform deep-dive investigations and crunching for control and process issues.