IT Risk and Assurance Manager
V4 IMPACT PTE. LTD.

Overview:
The IT Risk & Assurance Manager is a critical role responsible for leading and executing a wide range of internal and external IT audits, regulatory compliance reviews, and due diligence activities. You will provide expert advisory services to senior management, evaluating the effectiveness of the control environment, identifying key risks, and delivering actionable recommendations that enhance operational efficiency and mitigate threats. This position requires a professional with deep technical expertise in IT controls, regulatory frameworks like MAS and ABS guidelines, and a proven track record in high-stakes environments such as M&A transactions.
Key Responsibilities:
IT & Business Process Audits:
- Lead and execute end-to-end external and internal IT audits and business process reviews for critical business areas and their supporting applications.
- Conduct in-depth walkthroughs of business processes to identify inherent risks and evaluate the design and effectiveness of key management controls.
- Assess and test the internal control environment, evaluate the results of test work, and develop clear, concise recommendations to mitigate residual risks.
- Communicate audit findings, risk implications, and strategic recommendations to key management and stakeholders.
Regulatory & Third-Party Assurances:
- Lead third-party audit engagements (OSPAR), assessing entity-level controls, general IT controls (GITC), and service controls against the Association of Banks in Singapore (ABS) Outsourcing Guidelines.
- Conduct comprehensive regulatory compliance reviews, providing expert recommendations to ensure adherence to MAS Technology Risk Management (TRM) Guidelines and Cyber Hygiene Notices.
- Oversee the delivery of Service Organisation Control (SOC 1/SOC 2) and ISAE/SSAE 3402 assurance reports, ensuring quality and compliance.
Qualifications & Experience:
- Bachelor's degree in Information Technology, Computer Science, Accounting, Business, or a related field.
- 5-7+ years of progressive experience in IT audit, risk management, cybersecurity, or technology consulting.
- Proven experience leading internal/external audits and risk assessments from planning to reporting.
- Demonstrable experience conducting IT due diligence for M&A transactions (experience with 5+ deals is highly desirable).
- In-depth knowledge of regulatory frameworks, specifically MAS TRM Guidelines, Cyber Hygiene Notices, and ABS Outsourcing Guidelines.
- Hands-on experience in delivering SOC 1/SOC 2 or ISAE/SSAE 3402 assurance reports.
- Experience with ERP and HRIS systems (e.g., SAP, Workday) and their associated control environments is a strong plus.
- Professional certification such as CISA, CISM, CRISC, or CISSP is highly preferred.
Skills & Competencies:
- Strategic & Analytical Mindset: Ability to see the big picture, connect disparate risks, and provide strategic advice.
- Stakeholder Management: Excellent communication and interpersonal skills, with the ability to articulate complex technical issues to senior, non-technical audiences.
- Leadership & Project Management: Proven ability to lead audit engagements and cross-functional projects effectively.
- Business Acumen: Strong understanding of business processes and the ability to align IT risk with business objectives.
- Attention to Detail: Meticulous approach to testing, documentation, and reporting.
- Integrity & Professionalism: Unquestionable ethical standards and the ability to handle confidential information with discretion.