IT Governance, Risk and Compliance Manager at NTUC INCOME INSURANCE COOPERATIVE LIMITED

, , Singapore -

Full Time

Start Date

Immediate

Expiry Date

10 Feb, 26

Salary

0.0

Posted On

12 Nov, 25

Experience

10 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Cybersecurity Governance, Risk Management, Compliance Assessments, IT Audits, Regulatory Inspections, Technology Risk Management, Control Frameworks, Information Security, IAM, Cloud Security, Application Security, Data Security, AI Security, Communication Skills, Interpersonal Skills, Analytical Skills

Industry

Insurance

Description

Responsibilities: IT Governance and Security Awareness Review and update internal IT policies/standards; communicate changes of internal policies/standards to staff and stakeholders. Develop and deliver cybersecurity training for staff, management, board of directors, agents and vendors. Track and manage deviations from IT policies and standards. Report on key information security risk metrics, including policy deviations and third-party assessments. Present technology and security risk updates to management and board committees. Technology Risk Management Lead regular risk assessments and continuous monitoring of technology risks, including emerging threats and new technologies. Manage technology risks related to third-party service providers and business partners. Oversee IT Risk Control Self-Assessment and Control Testing to evaluate the design and operating effectiveness of key controls. Communicate technology risks and mitigation strategies to relevant stakeholders, ensuring transparency and alignment. Technology Compliance and Assurance Facilitate regulatory engagements which include inspection, survey, query and ad-hoc requests from regulators related to IT division. Lead organisational self-assessments against technology and security related regulatory notices, circulars, guidelines and advisories. Coordinate external/internal audits and cybersecurity maturity assessment related to IT division. IT Access Review Drive enterprise access review activities, including roles to entitlements review, segregation of duties rules review, user access review. Drive the user administration activities review and SAP log review. Specialised Areas Governance Support enterprise-wide risk and compliance initiatives for the Technology division in specialised areas under information security, such as IAM, cloud security, application security, data security, AI security, etc. Promote information security best practices and continuous improvement. Champion ongoing staff learning and development on cybersecurity and technology risk domains. Requirements: Degree or Diploma in Computer Science, Information Technology, or related field. Minimum 10 years’ experience in cybersecurity governance, risk monitoring, audit response, and compliance assessments. 2 - 4 years of team leading experience and managing teams of 8-10 members. Proven experience leading IT audits and regulatory inspections Background in financial industry, big tech or established auditing firms preferred. Strong knowledge of MAS Technology Risk Management, Cyber Hygiene, Outsourcing, and Business Continuity Management requirements. Familiarity with control frameworks (COBIT, NIST CSF, ISO 27001). Practitioner and holder of IT risk certifications (CISA, CRISC, CISSP). Proficiency in office productivity tools and business intelligence platforms (Microsoft Office, PowerBI, Archer, Tableau). Demonstrated ability to analyse risk and control issues, challenge the status quo, and drive pragmatic solutions. Track record in developing and driving information security awareness programs. Excellent interpersonal, coordination, communication, presentation, and writing skills. Meticulous, independent, and collaborative work style.

How To Apply:

Incase you would like to apply to this job directly from the source, please click here

Responsibilities

The IT Governance, Risk and Compliance Manager is responsible for overseeing IT governance, security awareness, and technology risk management. This includes leading risk assessments, managing compliance with regulations, and promoting information security best practices across the organization.