Consultant/Senior Consultant-Governance, Risk and Compliance Specialist at Wsh experts Pte Ltd
Singapore, Southeast, Singapore
Full Time


Start Date

Immediate

Expiry Date

05 Jun, 25

Salary

0.0

Posted On

05 Mar, 25

Experience

0 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Incident Reporting, Risk, Security, Self Assessment, Data Security, Gap Analysis, Security Audits, Penetration Testing, Compliance Management, CISA, Risk Governance, Deviations, Consultation, IT Governance, Audit Management, Validation, Risk Assessment, Case Studies

Industry

Financial Services

Description

JOB DESCRIPTION

Position: Governance, Risk and Compliance Specialist
Duration: 3 Years
Domain: Financial Services
Job Summary

We are looking for a Governance, Risk and Compliance Specialist to join our team. This role is crucial in developing and maintaining a robust culture of technology and cybersecurity risk governance across our organization. The ideal candidate will have at least 5 years of relevant experience in ICT cybersecurity, data security, audit management, governance, and risk compliance management. You will be responsible for providing expert advice on cyber security requirements, reviewing and establishing ICT policies, and supporting various aspects of our tech governance framework. This role offers an opportunity to make a significant impact on our organization’s ICT risk management and governance practices. The successful candidate will work with cross-functional teams to maintain the highest standards of cybersecurity and ICT compliance.

Responsibilities
  • Develop the culture of Tech risk governance and management across the organisation, and ensure proper accountability in the management, tracking and reporting of tech and cyber risks.
  • Provide subject matter advice to internal stakeholders on cyber security requirements that the Authority is required to comply with, including Client’s internal policies and standards, as well as policies and standards from GovTech and Cyber Security Agency of Singapore.
  • Review and establish ICT policies and process controls and conduct compliance checks.
  • Support team lead and work with internal stakeholders to:
  • Track and monitor tech projects and initiatives to meet compliance requirements.
  • Track and monitor Key Risk Indicators and Control Self-Assessment as part of Tech governance framework.
  • Track and monitor incident reporting, including reviewing, monitoring, and reporting on the corrective measures and improvement areas.
  • Participate in consultation and conduct gap analysis against new or revised requirements.
  • Assess and seek waiver approvals for deviations and risk treatment strategies.
  • Coordinate and facilitate IT / cyber security audits.
  • Track remediation plans to address audit findings.
  • Follow up on remediation actions, security and risk assessments with respective stakeholders and project and application managers.
  • Work with Application System Managers to maintain a high degree of operating hygiene, such as assisting in annual password changes, assessing and resolving vulnerabilities found in security scans and penetration testing, OS patching, etc.
  • Collaborate with Application System Managers to conduct risk assessment for the applications within the divisions, ensuring they adhere to the Instruction Manual 8 and applicable cyber clauses.
  • Recommend the re-engineering and streamlining of processes to enhance effectiveness of controls implemented.
  • Present management reporting to stakeholders, with analysis of data and trends, and recommend next steps.
  • Enhance training and other materials in ICT risk management, document case studies and good practices.