SVP, Head of Risk & Controls, Cybersecurity Resilience

GIC is one of the world’s largest sovereign wealth funds. With over 2,000 employees across 11 locations around the world, we invest in more than 40 countries globally across asset classes and businesses. Working at GIC gives you exposure to an extraordinary network of the world’s industry leaders. As a leading global long-term investor, we Work at the Point of Impact for Singapore’s financial future, and the communities we invest in worldwide.
 
Technology Group
We experiment, design, and lead a 24×7 global business where we support core capabilities in asset management, trading, investment operations, and risk management. We deliver secure, reliable, and integrated solutions, and provide insights on new, and emerging technologies. 
 

Cyber Security & Resilience

You will be a part of an independent risk management function to protect the firm’s information technology assets, including business data, from external threats and operational risks, and to facilitate the firm’s digitalisation journey in a secure manner.

What impact can you make in this role?

You'll play a critical role in this organization by leading the cyber security program management function and collaborating with senior stakeholders across multiple departments and functions. This role is responsible for overseeing the planning, execution, and governance of key cyber security initiatives to ensure alignment with business goals and regulatory requirements.
 

What will you do as the Head of Risk & Controls, Technology Group?  

• Risk Identification & Assessment:
• Lead ongoing identification, assessment, and analysis of technology risks across all domains, including cybersecurity, operational resilience, data privacy, cloud computing, third-party vendors, and emerging technologies (e.g., AI, IoT).
  
  
• Risk Mitigation & Control Implementation:
• Collaborate closely with technology teams (development, operations, infrastructure, security) to design, implement, and monitor controls required to mitigate identified risks.
• Provide expert guidance on zero-trust and secure-by-design principles, secure software development lifecycle (SSDLC), and operational best practices.
• Track and manage risk treatment plans, ensuring timely remediation of issues and vulnerabilities.
  
  
• Governance & Reporting:
• Establish robust risk governance processes within the technology department, including regular risk reviews, and preparation of risk insights for risk committees.
• Develop key risk indicators (KRIs) and key performance indicators (KPIs) to monitor the technology risk posture.
• Ensure accurate and timely reporting of technology risk incidents, issues, and control deficiencies.
  
  
• Compliance & Assurance:
• Ensure technology operations comply with internal policies, industry standards (e.g., NIST, ISO 27001, COBIT), and relevant regulatory requirements.
  
  
• Stakeholder Collaboration:
• Act as the primary point of contact for second-line risk, compliance/legal, and internal audit functions, representing the technology department.
• Foster strong relationships with technology leaders and teams, acting as a trusted advisor on risk matters.
• Collaborate with business units to understand their technology risk exposure and integrate risk considerations into business initiatives.
  
  
• Risk Culture & Training:
• Champion a strong risk-aware culture across the technology organization through training, awareness programs, and continual communications.
• Promote best practices in technology risk management and security hygiene.

What qualifications or skills should you possess in this role? 

• Minimum of 10+ years of progressive experience in technology, cybersecurity, or operational risk management roles within a complex organizational environment.
• At least 3-5 years in a leadership or senior management position, with demonstrated experience in building and managing risk programs.
• Proven experience working within a "three lines of defence" model, particularly in a first-line or "line 1.5" capacity.
• Strong understanding of modern technology stacks, cloud environments, DevSecOps practices, AI security risks, and agile methodologies.
• Experience with GRC (Governance, Risk, and Compliance) tools.
• Experience in a highly regulated industry (e.g., Financial Services, Healthcare).
  
  

Work at the Point of Impact
We need to be forward-looking to attract the right people to help us become the Leading Global Long-term Investor. Join our ambitious, agile, and diverse teams - be empowered to push boundaries and pursue innovative ideas, share your views, and be heard. Be anchored on our PRIME Values: Prudence, Respect, Integrity, Merit and Excellence, which guides us in how we make our day-to-day decisions. We strive to inspire. To make an impact.
 

GIC is a Great Place to Work
At GIC, our offices are vibrant hubs for ideation, professional growth, and interpersonal connection.  At the same time, we believe that flexibility allows us to do our best work and be our best selves.  Thus, our teams come into the office four days per week to harness the benefits of in-person collaboration, but have the flexibility to choose which days they work from home and adjust this arrangement as situational needs arise.    
 
GIC is an equal opportunity employer 
As an employer, we passionately believe every individual brings with them unique diversity of thought and perspectives to meaningfully enrich perspectives of GIC teams to drive competitive performance. An inclusive environment yields exceptional contribution.

Learn more about our Technology Group here: 
https://gic.careers/group/technology-group/