IT Governance Manager/Senior Manager

The IT Governance Manager is part of the Risk Management line 1.5 defense, working with IT risk owners to ensure controls are effective and managed. The individual will be the primary interface for IT in all IT Audits and Governance matters, supporting the CIO to manage and respond to internal/external audit, MAS inspection requests and queries; and its follow-up action.

Primary Job Responsibilities

• Responsible for the management of testing and enforcement of Technology and Cyber related policies, processes and procedures.
• Execute policies, processes and procedures to facilitate effective IT and cyber related-risk Process and Control arising from Audit Findings or Process improvement maturity
• Advise on sound IT and cyber risk management matters, changes to MAS guidelines and notices, through timely updates to Senior Management
• Proactively engage in establishing IT Risk awareness within Technology aligning with the organization risk posture
• Partner and work with internal stakeholders to review, identify, streamline and implement process improvements with regards to IT and cyber risk management
• Reference to regulator’s notices, circulares and guidelines (such as, TRM, Cyber Hygiene) to assess risk and gaps, and work with Line 2 and Security to improve policies and processes to mitigate risks, minimize their impact to operations
• Prepare and provide data for risk analysis and reporting.
• Communicate and provide guidance of new IT policies and standards to relevant stakeholders.
• Ability to innovate and automate as required.

• Manage IT related audits, regulatory inspections. Review the audit findings with key stakeholders to determine audit findings root cause, formulate action plans accordingly and verify remedial solutions for closure
• Liaison for IT audits, Risk and Compliance activities and providing support to business audits that have IT involvement.
• Manage IT audit lifecycle from start to end (eg kick off meeting, RFI, fieldwork, reporting and closure of audit findings).

Requirements:

• Minimum 8 years of experience in risk with at least 5 years of experience specifically handling IT audits, risk and compliance, in a IT control function (preferably from financial/banking/payment industry)
• Open to candidates with experience in IT governance, IT audit, IT regulatory compliance who are keen to explore a career in IT risk management
• Strong knowledge of regulatory requirements and industry practices (e.g. NIST framework, MAS TRM Guidelines, MAS Cyber Hygiene, ISO 27001 standard)
• Experience in facing external auditors and statutory regulator such as MAS
• Strong writing, communication and inter‐personal skills
• Attention to details, with the ability to thoroughly and accurately review IT policies, process and audit responses.