Lead, IT Governance, Risk and Compliance

We are seeking an experienced Lead, IT Governance, Risk and Compliance to lead our Income Insurance Line 1 Technology GRC function. This role reports to the Head of IT Risk and Security and acts as a key communicator across technical and non-technical audiences, including Technology Risk Oversight, Audit, Executive Committee, Board, and Regulators. The successful candidate will mentor a team of GRC professionals, guiding them through scheduled and ad-hoc inspections and audits, and leveraging deep governance expertise to ensure robust control environments.

• Review and update internal IT policies/standards; communicate changes of internal policies/standards to staff and stakeholders.
• Develop and deliver cybersecurity training for staff, management, board of directors, agents and vendors.
• Track and manage deviations from IT policies and standards.
• Report on key information security risk metrics, including policy deviations and third-party assessments.
• Present technology and security risk updates to management and board committees.

• Lead regular risk assessments and continuous monitoring of technology risks, including emerging threats and new technologies.
• Manage technology risks related to third-party service providers and business partners.
• Oversee IT Risk Control Self-Assessment and Control Testing to evaluate the design and operating effectiveness of key controls.
• Communicate technology risks and mitigation strategies to relevant stakeholders, ensuring transparency and alignment.

• Facilitate regulatory engagements which include inspection, survey, query and ad-hoc requests from regulators related to IT division.
• Lead organisational self-assessments against technology and security related regulatory notices, circulars, guidelines and advisories.
• Coordinate external/internal audits and cybersecurity maturity assessment related to IT division.

• Drive enterprise access review activities, including roles to entitlements review, segregation of duties rules review, user access review.
• Drive the user administration activities review and SAP log review.

• Support enterprise-wide risk and compliance initiatives for the Technology division in specialised areas under information security, such as IAM, cloud security, application security, data security, AI security, etc.
• Promote information security best practices and continuous improvement.
• Champion ongoing staff learning and development on cybersecurity and technology risk domains.

• Degree or Diploma in Computer Science, Information Technology, or related field.
• Minimum 10 years’ experience in cybersecurity governance, risk monitoring, audit response, and compliance assessments.
• 2 - 4 years of team leading experience and managing teams of 8-10 members.
• Proven experience leading IT audits and regulatory inspections
• Background in financial industry, big tech or established auditing firms preferred.
• Strong knowledge of MAS Technology Risk Management, Cyber Hygiene, Outsourcing, and Business Continuity Management requirements.
• Familiarity with control frameworks (COBIT, NIST CSF, ISO 27001).
• Practitioner and holder of IT risk certifications (CISA, CRISC, CISSP).
• Proficiency in office productivity tools and business intelligence platforms (Microsoft Office, PowerBI, Archer, Tableau).
• Demonstrated ability to analyse risk and control issues, challenge the status quo, and drive pragmatic solutions.
• Track record in developing and driving information security awareness programs.
• Excellent interpersonal, coordination, communication, presentation, and writing skills.
• Meticulous, independent, and collaborative work style.