Senior Manager - Risk & Compliance (Cluster CISO)

Synapxe

Queenstown

On-site

NZD 130,000 - 160,000

Full time


Job summary

A leading IT risk and compliance organization based in New Zealand seeks a Senior Manager to oversee cybersecurity risks and compliance. This role involves maintaining the risk register, coordinating audits, ensuring compliance with necessary regulations, and engaging with key stakeholders. The ideal candidate should have 8-10 years of relevant experience, strong organizational skills, and preferred certifications in cybersecurity.

Qualifications

  • 8-10 years in Information Security, IT Risk, Audit, or related fields.
  • Strong understanding of cybersecurity risk management and compliance frameworks.
  • Good communication and stakeholder management skills.

Responsibilities

  • Coordinate Cybersecurity Management Committee agendas and minutes.
  • Maintain and report on the Cybersecurity Risk Register.
  • Facilitate audits and track findings to closure.
  • Monitor compliance with sectoral requirements and policies.
  • Build effective relationships with regulators and auditors.

Skills

Organisational skills
Stakeholder engagement
Analytical skills
Attention to detail
Communication skills

Education

CISSP certification
CISA certification
CISM certification
CRISC certification
Job description
Senior Manager - Risk & Compliance (Cluster CISO)

The Senior Manager, Risk & Compliance supports the effective management of cybersecurity and IT risks across the Cluster. The role is responsible for maintaining the risk register, coordinating audits, ensuring compliance with regulatory and internal requirements, and driving timely closure of risk and compliance issues. The position also plays a critical role in supporting the Cybersecurity Management Committee (CMC) and acts as a bridge between operational teams, regulators, auditors, and management to provide visibility and assurance on the Cluster’s cybersecurity risk posture.

Role & Responsibilities

Cybersecurity Management Committee (CMC) Secretariat

  • Serve as the secretariat to the CMC, coordinating agendas, materials, and minutes.
  • Ensure timely maintenance and reporting of the Cybersecurity Risk Register to the CMC.
  • Track and follow up on risk-related action items arising from CMC meetings.
  • Support CMC reporting obligations to senior management, MOH, and other authorities.

Risk Assessment & Tracking

  • Maintain and update the Cybersecurity Risk Register, ensuring no overdue risks.
  • Support and review risk assessments for IT, OT, and Medical Devices.
  • Track remediation plans and escalate where delays or risks remain unresolved.
  • Facilitate the annual CII risk assessment and submission to CSA.

Audit Coordination & Risk Remediation

  • Coordinate internal and external audits (CCoP, AGO, etc.).
  • Prepare reports, track follow-ups, and ensure timely closure of findings.
  • Act as a point of contact with CRO, internal teams, and regulators for audit matters.

Policy Compliance & Governance

  • Monitor compliance against MOH, CSA, and other sectoral requirements.
  • Support the design and rollout of a cluster-wide compliance programme.
  • Record and manage policy deviations, ensuring recertification is performed.
  • Provide inputs to MOH on policy development and ensure alignment with sectoral policies.

Operational Risk & Oversight

  • Support thematic reviews, annual planning, and SOP/policy updates.
  • Assist in annual ERM Control Self-Assessments, including validation of results.
  • Track IT/security-related findings from AGO and sectoral reviews.
  • Support oversight of Synapxe 2LoD actions and reporting.
  • Manage reviews and follow-ups of cybersecurity controls for PDPC breach cases.

Stakeholder Engagement & Reporting

  • Build effective working relationships with regulators, auditors, and internal stakeholders.
  • Prepare dashboards and compliance reports to update senior management.
  • Act as a subject matter resource for operational teams on risk and compliance issues.

Requirements

  • Experience:
    • 8–10 years in Information Security, IT Risk, Audit, or related fields.
  • Knowledge: Strong understanding of cybersecurity risk management, compliance frameworks, and sectoral regulations (CSA, MOH, PDPC).
  • Certifications (preferred): CISSP, CISA, CISM, CRISC.
  • Skills:
    • Strong organisational and coordination abilities.
    • Able to track and drive closure of risk, audit, and compliance matters.
    • Good communication and stakeholder management skills.
    • Analytical with strong attention to detail.