You will play a critical role in maintaining the organisation's IT governance framework, ensuring policies, controls, and operational processes remain aligned with regulatory requirements, client expectations, and industry best practices.
Working closely with IT, Security, Operations, Legal, and Compliance teams, you will help drive governance initiatives, coordinate audits, manage policy frameworks, support regulatory requests, and ensure key technology assets and obligations are proactively monitored and maintained.
This is not a hands-on cybersecurity engineering role. The focus is on governance, compliance, risk management, documentation, and regulatory readiness.
Key Responsibilities
IT Governance & Policy Management
- Maintain and enhance the organisation's IT governance framework and policy library
- Conduct periodic reviews of policies, standards, and procedures
- Monitor policy compliance and coordinate remediation activities where required
- Develop and maintain SOPs, process documentation, and governance records
- Identify process improvement opportunities and drive governance best practices
Compliance, Audit & Regulatory Support
- Support responses to regulatory requests and compliance reviews
- Manage client due diligence questionnaires (DDQs), security assessments, and third-party risk enquiries
- Coordinate audit activities and maintain evidence repositories for internal and external audits
- Track regulatory developments and assess their impact on existing controls and policies
- Collaborate with stakeholders to ensure ongoing compliance with applicable standards and regulations
Risk & Vendor Governance
- Maintain and update the IT risk register
- Track risk treatment plans, mitigation activities, and review cycles
- Support vendor risk assessments and ongoing third-party governance activities
- Assist with business continuity and disaster recovery planning initiatives
Asset, Certificate & Lifecycle Management
- Maintain inventories of certificates, software licences, domains, subscriptions, and IT assets
- Track renewal schedules and coordinate timely renewals with internal stakeholders and external vendors
- Ensure critical technology assets remain compliant and operational
Security Awareness & Training
- Coordinate security awareness initiatives and compliance training programmes
- Monitor completion rates and reporting metrics
- Support onboarding activities related to IT governance and acceptable use policies
Essential
- Bachelor's Degree in Information Technology, Computer Science, Information Systems, Business, Risk Management, or a related discipline
- Minimum 5 years of experience in IT Governance, Technology Risk, IT Compliance, GRC, Information Security Governance, or related functions
- Strong knowledge of governance and compliance frameworks such as ISO 27001, SOC 2, MAS TRM, NIST, or equivalent
- Experience supporting audits, regulatory reviews, compliance assessments, and client due diligence processes
- Demonstrated experience managing policy lifecycles, governance documentation, and compliance evidence
- Strong stakeholder management and communication skills
- Excellent documentation, reporting, and organisational capabilities
- Comfortable leveraging AI-assisted productivity tools to improve documentation and operational efficiency
Preferred
- Professional certifications such as CISA, CRISC, ISO 27001 Lead Auditor/Implementer, CISSP, or CompTIA Security+
- Experience within financial services, fintech, banking, capital markets, or other regulated industries
- Exposure to technology risk management, vendor governance, business continuity, and operational resilience programmes