Assistant Vice President Information and Technology Risk Manager (Control Assurance and Enablement)

Location: Singapore, SG

Job Function: Risk & Performance Management Department

Job Type: Permanent

GIC is one of the world’s largest sovereign wealth funds. With over 2,000 employees across 11 locations around the world, we invest in more than 40 countries globally across asset classes and businesses. Working at GIC gives you exposure to an extraordinary network of the world’s industry leaders. As a leading global long-term investor, we Work at the Point of Impact for Singapore’s financial future, and the communities we invest in worldwide.

Risk and Performance Management Department (RPMD) We work collaboratively across teams to help guard against blind spots and ensure that all relevant risks are considered and duly addressed.

Information & Technology Risk Management

You will be a part of a team that independently protects the firm’s information technology assets, including business data, from external threats and operational risks, while supporting the firm’s digitalisation journey in a secure manner.

What will you do as an VP, Information & Technology Risk Manager?

As an Assistant Vice President, Information & Technology Risk Manager (Control Assurance & Enablement), you will operate as part of GIC’s Information & Technology Risk Management (ITRM) team on the Second Line of Defence (2LOD), providing independent assurance and oversight of control effectiveness across GIC’s technology and operational risk landscape.

You will be responsible for designing and executing control testing programs, conducting thematic reviews, and assessing the adequacy of control design and effectiveness against Operational Risk Self Assessments (ORSA). The role requires strong analytical capability, sound judgment, and the ability to translate assurance findings into actionable insights that strengthen GIC’s overall control environment.

• Develop and execute independent control testing to review the design and operating effectiveness of key controls and processes across technology, information and cybersecurity risk domains, including Artificial Intelligence (AI).
• Perform end-to-end control testing across areas such as cybersecurity, IT infrastructure, data management, AI and information risk.
• Validate the adequacy of control evidence, identify control gaps, and assess residual risk.
• Ensure testing methodologies align with internal policies, regulatory expectations, and industry standards.
• Maintain comprehensive documentation of test plans, results, and conclusions in accordance with audit-quality standards.

• Conduct thematic reviews on key risk areas to identify systemic control weaknesses, emerging risks, and opportunities for improvement.
• Review and provide oversight to the assessments performed by the First Line of Defence (1LOD) as part of the ORSA process.
• Evaluate the consistency, completeness, and accuracy of ORSA results, ensuring alignment with GIC’s risk appetite and control framework.
• Provide independent assurance on the robustness of control self-assessments and the adequacy of risk mitigation measures.

• Provide independent oversight to 1LOD risk assessments, control testing, and remediation plans.
• Support the identification of key risk themes and control trends through data analysis and cross-functional insights.
• Partner with internal audit and other assurance functions to ensure coordinated coverage and avoid duplication of effort.
• Contribute to the development and enhancement of control testing frameworks, methodologies, and reporting templates.
• Prepare assurance reports and dashboards summarizing testing results, thematic findings, and key observations for management and governance committees.
• Support continuous improvement of risk and control assurance processes through automation, data analytics, and continuous monitoring techniques.

• Stay abreast of evolving regulatory expectations, technology risk trends, and control assurance practices.
• Recommend enhancements to control frameworks and testing approaches based on lessons learned and industry developments.
• Promote a strong risk and control culture through engagement, awareness, and training initiatives.
• Contribute to the maturity of the 2LOD assurance function by driving consistency, efficiency, and insight in testing and review activities.

• Minimally 5 years of experience in technology/cybersecurity control assurance, or audit functions, preferably within financial institutions or regulated environments.
• Strong understanding of control frameworks (e.g., COSO, COBIT, ISO 27001, NIST) and risk management methodologies.
• Hands-on experience in control testing, control design evaluation, and issue validation.
• Experience conducting thematic reviews and assessing control effectiveness against ORSA or equivalent self-assessment frameworks.
• Familiarity with technology and operational risk domains such as cybersecurity, IT infrastructure, data security, and third-party risk.
• Strong analytical and problem-solving skills, with the ability to identify root causes and recommend pragmatic solutions.
• Excellent communication and stakeholder management skills, with the ability to articulate control issues and influence remediation outcomes.
• Proficiency in using data analytics or automation tools for control testing is a strong advantage.
• Professional certifications such as CISA, CRISC, CISSP, or equivalent are preferred.

Work at the Point of Impact We need to be forward-looking to attract the right people to help us become the Leading Global Long-term Investor. Join our ambitious, agile, and diverse teams - be empowered to push boundaries and pursue innovative ideas, share your views, and be heard. Be anchored on our PRIME Values: Prudence, Respect, Integrity, Merit and Excellence, which guides us in how we make our day-to-day decisions. We strive to inspire. To make an impact.

Flexibility at GIC We believe in flexibility to enable best work. Our teams work in offices as a vibrant hub for ideation, professional growth, and interpersonal connection, with a flexible arrangement for remote work as needs arise.

GIC is an equal opportunity employer We believe every individual brings unique diversity of thought and perspectives to enrich perspectives of GIC teams. An inclusive environment yields exceptional contribution.

Learn more about our Risk & Performance Management Department here: