Assistant Manager, IT Compliance and Assurance

Responsibilities:

1. Audit Facilitation

• Coordinate end-to-end internal and external IT audits from planning to closure.
• Work with IT stakeholders to identify, review, and refine management self-identified issues (MSIIs).
• Review audit artefacts submitted by auditees to ensure adequacy, relevancy, and completeness.
• Support audit interviews and support IT stakeholders in addressing and challenging potential audit findings.
• Review management responses and track remediation status of findings.
• Provide audit updates for management and board reporting.

2. Regulatory Engagements

• Support and coordinate engagements with local regulators (e.g., MAS), including IT inspections, surveys, and supervisory reviews.
• Review and quality-check regulatory submissions to ensure relevancy and adequacy.
• Obtain IT management clearance prior to submission to regulators.
• Report IT-related incidents or regulatory breaches and maintain records within the GRC system.

3. Regulatory Compliance & Control Assessment

• Perform gap assessments against regulatory notices, guidelines, circulars, and frameworks.
• Conduct compliance self-assessments, control testing, and compliance risk assessments.
• Collaborate with control owners to address identified gaps and track remediation to completion.
• Provide regular remediation status updates for management and board reporting.

4. Third-Party Due Diligence

• Respond to IT-related due diligence questionnaires from business partners.
• Review and validate responses to ensure accuracy and assurance of IT control environment.

5. General Responsibilities

• Support ongoing business-as-usual (BAU) compliance and governance activities.
• Propose and drive continuous improvements in compliance monitoring processes.
• Undertake ad-hoc assignments as directed by the line manager or department head.
• Provide coverage support during team members’ absences.

Requirements:

• Diploma or Degree in Information Technology, Computer Science, or a related field.
• Possession of relevant professional certifications (e.g., CISA, CRISC, CISSP, ITIL, ISO/IEC 27001 Lead Auditor or Lead Implementer) is highly preferred.
• Minimum 5 years of relevant experience in IT governance, risk, compliance, or audit-related roles.
• Proven experience in managing IT audits and regulatory engagements.
• Familiarity with Singapore's technology-related regulatory requirements for financial institutions (e.g., MAS Technology Risk Management Guidelines and Notice, MAS Cyber Hygiene Notice, MAS Outsourcing Guidelines).
• Strong writing and documentation skills, particularly in formal reporting and issue management.
• Effective stakeholder engagement and interpersonal skills.
• Proactive, meticulous, and organized with strong analytical thinking.
• Able to work independently and collaboratively across teams.
• Skilled in managing multiple assignments with varying priorities.
• Strong sense of ownership and accountability.