IT Governance Manager

The NETS Group is a leading payments services group, enabling digital payments for merchants, consumers and banks across the entire payments value chain. 
 

The Group operates Singapore’s national debit scheme enabling customers of DBS Bank/POSB, HSBC, Maybank, OCBC Bank, Standard Chartered Bank and UOB to make payments using their ATM cards or mobile devices at more than 130,000 acceptance points in the country as well as online payments.

This IT Governance role is part of the Risk Management line 1.5 defense, working with Card Center Technology and Operations risk owners to ensure controls are effective and managed. The individual will be the primary interface for Card Center Audits and Governance matters, supporting the Head of Card Center to manage and respond to internal/external audit, MAS inspection requests and queries; and its follow-up action.

This role works closely with first, second and third lines-of-defence, and acting as an intermediary, advisor to the business stakeholders on matters related on Audit, Governance and Compliance (internal policy compliance & Regulatory compliance) to ensure risk are identified timely, managed and mitigated adequately.

Key Responsibilities

Technology Risk and Process Compliance

• Responsible for the management of risk and control self-assessments and enforcement of NETS Technology and Cyber related policies, processes and procedures.
• Work with stakeholders to execute policies, processes and procedures and facilitate effective IT and cyber-related-risk Process and Control arising from Audit Findings, Incidents/Operational Risk Events or Process improvement.
• Provide advisory on sound IT and cyber risk management matters, changes to MAS guidelines and notices, through timely updates to Senior Management
• Proactively engage in establishing IT Risk awareness within Technology aligning with the organization risk posture
• Partner and work with internal stakeholders to review, identify, streamline and implement process improvements with regards to IT and cyber risk management
• Work with stakeholders to ensure compliance by conducting regular assessments of the risk and gaps against with regulator’s notices, circulars and guidelines (such as, TRM, Cyber Hygiene), and work with Line 2 and Information Security to improve policies and processes to mitigate risks, minimize their impact to operations
• Prepare and provide data for risk analysis and reporting.

• Communicate and provide guidance of new IT policies and standards to relevant stakeholders.

Technology Audit Management

• Manage audits, reviews and regulatory inspections. Review the audit findings with key stakeholders to determine audit findings root cause, formulate action plans accordingly and verify remedial solutions for closure
• Liaison for audits, Risk and Compliance activities and providing support to Card Center audits.
• Manage audit lifecycle from start to end (eg kick off meeting, RFI, fieldwork, reporting and closure of audit findings).

Requirements

• Minimum 8 years of experience in risk with at least 5 years of experience specifically handling IT audits, risk and compliance, in an IT control function (preferably from financial/banking/payment industry)
• Open to candidates with experience in IT Risk and Control, IT audit, IT regulatory compliance who are keen to explore a career in IT Governance
• Strong knowledge of regulatory requirements and industry practices (e.g. NIST framework, MAS TRM Guidelines, MAS Cyber Hygiene, ISO 27001 standard)
• Experience in managing OSPAR audit, internal/external/regulatory audits and reviews
• Strong writing, communication and inter‐personal skills
• Attention to details, with the ability to thoroughly and accurately review IT policies, process and audit responses.
• Excellent problem-solving skills and ability to prioritize and manage multiple tasks
• Proactive team player with ability to work independently with minimal supervision

Network for Electronic Transfers (Singapore) Pte Ltd.