AVP, Information & Technology Risk Manager (Audit Management)
Singapore, SG
GIC is one of the world’s largest sovereign wealth funds. With over 2,000 employees across 11 locations around the world, we invest in more than 40 countries globally across asset classes and businesses. Working at GIC gives you exposure to an extraordinary network of the world’s industry leaders. As a leading global long-term investor, we Work at the Point of Impact for Singapore’s financial future, and the communities we invest in worldwide.
Risk and Performance Management Department (RPMD)
We work collaboratively across teams to help guard against blind spots and ensure that all relevant risks are considered and duly addressed.
Information & Technology Risk Management
You will be a part of a team that independently protects the firm’s information technology assets, including business data, from external threats and operational risks, while supporting the firm’s digitalisation journey in a secure manner.
What will you do as an AVP, Information & Technology Risk Manager?
The Technology Governance Oversight – Audit Management Specialist will play a key role in managing the organization’s technology-related regulatory audits, serving as the central point of coordination between external regulatory audit teams and internal technology teams. The role is responsible for facilitating the timely and quality provision of audit evidence, reviewing evidence and responses for relevancy and completeness, and ensuring that audit observations are appropriately addressed. This second-line role focuses on strengthening the organization’s technology audit and control posture through effective engagement, review and challenge. The ideal candidate will have a strong understanding of IT audit requirements and technology processes, together with the technical ability to review system artefacts — including configurations at the operating system, database and application layers — and to assess whether evidence adequately demonstrates the controls being tested.
Regulatory Audit Liaison & Coordination
- Act as the primary liaison between the regulator’s audit team and internal technology teams throughout the audit lifecycle.
- Interpret and translate IT audit requirements and information requests from regulators into clear, actionable requests for the relevant internal technology teams.
- Coordinate audit workstreams, timelines and deliverables across multiple internal stakeholders and control owners.
- Organize and facilitate opening, progress-update and closing meetings between auditors and internal teams.
Evidence Management & Review
- Gather, collate and manage audit evidence and supporting documentation requested by the regulatory audit team.
- Review submitted evidence for relevancy, completeness, accuracy and quality before it is provided to auditors, ensuring it fully addresses the underlying request.
- Review system artefacts and technical evidence — including configuration settings at the operating system, database and application layers — to assess whether they adequately demonstrate the control being evidenced.
- Maintain a structured repository and tracker of all audit requests, evidence submitted, and outstanding items.
Review of Responses & Observations
- Review and quality-assure management responses to audit observations and findings, ensuring they are complete, well-supported and appropriately address the issue raised.
- Partner with business and technology teams to understand root causes, validate proposed corrective actions, and track remediation of findings through to closure.
- Escalate significant issues, gaps or delays to team lead on a timely basis.
Stakeholder Engagement & Collaboration
- Build strong relationships with regulators, technology teams and control owners to ensure consistent messaging and smooth audit delivery.
- Support team lead in the regulatory audit engagements by executing assigned workstreams, preparing evidence and draft responses, and escalating issues to the engagement lead in a timely manner.
- Collaborate with various stakeholders to embed sound audit-readiness and control practices into the organization’s culture.
What qualifications or skills should you possess in this role?
- Bachelor’s degree in Information Technology, Computer Science, Information Systems, Risk Management, or a related field.
- Minimally 5 years of relevant experience in IT audit, IT risk, IT compliance, or a technology control / audit coordination role, ideally within financial services or large organizations.
- Strong understanding of IT audit methodologies, IT general controls, and control frameworks (e.g. COBIT, NIST CSF, ISO/IEC 27001).
- Hands-on familiarity with system environments and the ability to interpret and review configurations across operating systems, databases and applications.
- Knowledge of the regulatory and industry standards such as the CSA Cybersecurity Code of Practice, MAS Notice and Guidelines on Technology Risk Management, MAS Notice on Cyber Hygiene, Singapore Government Instruction Manual on ICT and Smart Systems Management (IM8), and similar standards will be advantageous.
- Professional certifications such as CISA (Certified Information Systems Auditor), CISM, or CIA are strongly preferred.
- Excellent communication, presentation, and stakeholder management skills, with the ability to translate technical detail for non-technical audiences and vice versa.
- Meticulous attention to detail with a critical, review-oriented mindset and sound judgement in assessing the sufficiency and relevance of evidence.
Work at the Point of Impact
We need to be forward-looking to attract the right people to help us become the Leading Global Long-term Investor. Join our ambitious, agile, and diverse teams - be empowered to push boundaries and pursue innovative ideas, share your views, and be heard. Be anchored on our PRIME Values: Prudence, Respect, Integrity, Merit and Excellence, which guides us in how we make our day-to-day decisions. We strive to inspire. To make an impact.
Flexibility at GIC
At GIC, our offices are vibrant hubs for ideation, professional growth, and interpersonal connection. At the same time, we believe that flexibility allows us to do our best work and be our best selves. Thus, our teams come into the office four days per week to harness the benefits of in-person collaboration, but have the flexibility to choose which days they work from home and adjust this arrangement as situational needs arise.
GIC is an equal opportunity employer
As an employer, we passionately believe every individual brings with them unique diversity of thought and perspectives to meaningfully enrich perspectives of GIC teams to drive competitive performance. An inclusive environment yields exceptional contribution.
Learn more about our Risk & Performance Management Department here: