IT Risk & Compliance Specialist (IT Governance)

CHARTERHOUSE PTE. LTD.

Singapore

On-site

SGD 70,000 - 110,000

Full time

20 days ago

Job summary

A leading firm seeks an experienced IT Risk & Compliance Specialist to oversee risk management and compliance efforts. The role involves liaising across departments, managing audits, and ensuring alignment with regulatory frameworks. Ideal candidates have substantial experience in IT governance, project management skills, and relevant certifications to navigate the complexities of the financial services industry.

Qualifications

  • Minimum of 7 years of experience in IT governance, technology risk management, or compliance roles.
  • Strong familiarity with regulatory frameworks such as MAS Technology Risk Management Guidelines.
  • Relevant certifications such as CISA, CISSP, CISM, CGEIT, or CRISC are highly advantageous.

Responsibilities

  • Oversee technology-related risk management and compliance.
  • Coordinate IT compliance reviews and risk assessments.
  • Manage internal and external audits and regulatory requests.

Skills

Risk Management
Regulatory Compliance
Audit Coordination
Project Management
Communication Skills

Job description

We are seeking an experienced IT Risk & Compliance professional to serve as a key liaison between the first, second, and third lines of defense. This role is responsible for overseeing technology-related risk management, audit coordination, and regulatory compliance, ensuring alignment with industry standards, internal policies, and regulatory frameworks.

Key Responsibilities

  • Act as the primary contact for all IT risk, audit, and regulatory compliance matters, working closely with internal stakeholders across the lines of defense.
  • Collaborate with the second line of defense to implement and drive strategic initiatives that strengthen the firm’s risk management capabilities and awareness across technology domains.
  • Proactively identify and escalate emerging technology risks by leveraging internal frameworks, including risk event reporting, issue tracking, and control monitoring tools.
  • Provide guidance to business and technology stakeholders on IT and cybersecurity risk obligations, enabling effective risk mitigation strategies.
  • Coordinate and facilitate IT compliance reviews, self-assessments, risk awareness programs, and other assurance activities across the firm.
  • Lead efforts around risk and control self-assessment (RCSA), key risk indicator (KRI) monitoring, incident response coordination, and service availability management.
  • Partner with relevant teams to evaluate, streamline, and enhance IT and cyber risk processes through process optimization and control improvements.
  • Manage internal and external IT audits, regulatory inspections, and responses to regulatory requests, including the preparation of materials and engagement with regulators.
  • Oversee audit remediation planning and verification of corrective actions in collaboration with business and technology stakeholders.
  • Communicate new and updated IT policies and standards effectively across the organization to ensure compliance and awareness.
  • Prepare regular and ad-hoc reports for management and regulatory authorities, providing transparency on risk posture and control effectiveness.
  • Contribute to the continuous enhancement of the firm’s cyber and IT risk management capabilities through innovation, automation, and process maturity.

Requirements

  • Minimum of 7 years of experience in IT governance, technology risk management, or compliance roles, preferably within the financial services or payments industry.
  • Strong familiarity with regulatory frameworks such as MAS Technology Risk Management Guidelines, CCOP, and the Payment Services Act.
  • Proven experience in IT/cyber operations, governance, audit, or regulatory compliance.
  • Deep understanding of industry standards and risk management frameworks (e.g., ISO 27001, NIST, COBIT).
  • Relevant certifications such as CISA, CISSP, CISM, CGEIT, or CRISC are highly advantageous.
  • Demonstrated project management capabilities, with strong organizational and analytical skills.
  • High attention to detail, with the ability to perform under pressure and meet tight deadlines.
  • Strong interpersonal and communication skills, with the ability to influence and engage stakeholders at all levels.
  • A proactive and independent mindset, coupled with a strong sense of accountability and process discipline.

If you are a results-oriented risk professional with a deep understanding of IT governance and regulatory compliance, we invite you to apply and contribute to the resilience and integrity of our technology landscape.

Reg. No. R1878306

EA License no.: 16S8066
