Assistant Vice President Information and Technology Risk Manager (Control Assurance and Enablement)

GIC is one of the world’s largest sovereign wealth funds. With over 2,000 employees across 11 locations around the world, we invest in more than 40 countries globally across asset classes and businesses. Working at GIC gives you exposure to an extraordinary network of the world’s industry leaders. As a leading global long-term investor, we work at the point of impact for Singapore’s financial future, and the communities we invest in worldwide.

We work collaboratively across teams to help guard against blind spots and ensure that all relevant risks are considered and duly addressed.

Information & Technology Risk Management

You will be a part of a team that independently protects the firm’s information technology assets, including business data, from external threats and operational risks, while supporting the firm’s digitalisation journey in a secure manner.

As an Assistant Vice President, Information & Technology Risk Manager (Control Assurance & Enablement), you will operate as part of GIC’s Information & Technology Risk Management (ITRM) team on the Second Line of Defence (2LOD), providing independent assurance and oversight of control effectiveness across GIC’s technology and operational risk landscape.

You will be responsible for designing and executing control testing programs, conducting thematic reviews, and assessing the adequacy of control design and effectiveness against Operational Risk Self Assessments (ORSA). The role requires strong analytical capability, sound judgment, and the ability to translate assurance findings into actionable insights that strengthen GIC’s overall control environment.

• Develop and execute independent control testing to review the design and operating effectiveness of key controls and processes across technology, information and cybersecurity risk domains, including Artificial Intelligence (AI).
• Perform end-to-end control testing across areas such as cybersecurity, IT infrastructure, data management, AI and information risk.
• Validate the adequacy of control evidence, identify control gaps, and assess residual risk.
• Ensure testing methodologies align with internal policies, regulatory expectations, and industry standards.
• Maintain comprehensive documentation of test plans, results, and conclusions in accordance with audit-quality standards.

• Conduct thematic reviews on key risk areas to identify systemic control weaknesses, emerging risks, and opportunities for improvement.
• Review and provide oversight to the assessments performed by the First Line of Defence (1LOD) as part of the ORSA process.
• Evaluate the consistency, completeness, and accuracy of ORSA results, ensuring alignment with GIC’s risk appetite and control framework.
• Provide independent assurance on the robustness of control self-assessments and the adequacy of risk mitigation measures.

• Provide independent oversight to 1LOD risk assessments, control testing, and remediation plans.
• Support the identification of key risk themes and control trends through data analysis and cross-functional insights.
• Partner with internal audit and other assurance functions to ensure coordinated coverage and avoid duplication of effort.

• Contribute to the development and enhancement of control testing frameworks, methodologies, and reporting templates.
• Prepare assurance reports and dashboards summarizing testing results, thematic findings, and key observations for management and governance committees.
• Support continuous improvement of risk and control assurance processes through automation, data analytics, and continuous monitoring techniques.

• Stay abreast of evolving regulatory expectations, technology risk trends, and control assurance practices.
• Recommend enhancements to control frameworks and testing approaches based on lessons learned and industry developments.
• Promote a strong risk and control culture through engagement, awareness, and training initiatives.
• Contribute to the maturity of the 2LOD assurance function by driving consistency, efficiency, and insight in testing and review activities.

• Minimally 5 years of experience in technology/cybersecurity control assurance, or audit functions, preferably within financial institutions or regulated environments.
• Strong understanding of control frameworks (e.g., COSO, COBIT, ISO 27001, NIST) and risk management methodologies.
• Hands‑on experience in control testing, control design evaluation, and issue validation.
• Experience conducting thematic reviews and assessing control effectiveness against ORSA or equivalent self‑assessment frameworks.
• Familiarity with technology and operational risk domains such as cybersecurity, IT infrastructure, data security, and third‑party risk.
• Strong analytical and problem‑solving skills, with the ability to identify root causes and recommend pragmatic solutions.
• Excellent communication and stakeholder management skills, with the ability to articulate control issues and influence remediation outcomes.
• Proficiency in using data analytics or automation tools for control testing is a strong advantage.
• Professional certifications such as CISA, CRISC, CISSP, or equivalent are preferred.

Work at the Point of Impact. We need to be forward‑looking to attract the right people to help us become the Leading Global Long‑term Investor. Join our ambitious, agile, and diverse teams – be empowered to push boundaries and pursue innovative ideas, share your views, and be heard. Be anchored on our PRIME Values: Prudence, Respect, Integrity, Merit and Excellence, which guides us in how we make our day‑to‑day decisions. We strive to inspire. To make an impact.

Flexibility at GIC. At GIC, our offices are vibrant hubs for ideation, professional growth, and interpersonal connection. At the same time, we believe that flexibility allows us to do our best work and be our best selves. Thus, our teams come into the office four days per week to harness the benefits of in‑person collaboration, but have the flexibility to choose which days they work from home and adjust this arrangement as situational needs arise.

GIC is an equal opportunity employer. As an employer, we passionately believe every individual brings with them unique diversity of thought and perspectives to meaningfully enrich perspectives of GIC teams to drive competitive performance. An inclusive environment yields exceptional contribution.

Learn more about our Risk & Performance Management Department here:

GIC is a values driven organization. GIC’s PRIME Values act as our compass, enabling us to fulfill our fundamental purpose and objectives. It is the foundational bedrock which governs our behaviors, our decision making, and our focus. It informs both our long‑term strategy as a firm, and the way we relate to our client, business partners and employees. PRIME stands for Prudence, Respect, Integrity, Merit and Excellence.