VP, Information & Technology Risk Manager (Data & Applications Risk Oversight)
Singapore, SG
GIC is one of the world’s largest sovereign wealth funds. With over 2,000 employees across 11 locations around the world, we invest in more than 40 countries globally across asset classes and businesses. Working at GIC gives you exposure to an extraordinary network of the world’s industry leaders. As a leading global long-term investor, we Work at the Point of Impact for Singapore’s financial future, and the communities we invest in worldwide.
Risk and Performance Management Department (RPMD)
We work collaboratively across teams to help guard against blind spots and ensure that all relevant risks are considered and duly addressed.
Information & Technology Risk Management
You will be a part of a team that independently protects the firm’s information technology assets, including business data, from external threats and operational risks, while supporting the firm’s digitalisation journey in a secure manner.
What will you do as a VP, Information & Technology Risk Manager?
As an Information & Technology Risk Manager (Data & Applications Risk Oversight) in GIC, you will operate as part of the Second Line of Defence (2LOD), providing independent oversight, assurance, and challenge over technology risk management activities across GIC.
You will bring deep expertise in technology risk management, with a focus on data security, application security, and technology control effectiveness. The role ensures that data and application-related risks are effectively identified, assessed, and managed in alignment with GIC’s risk appetite, regulatory expectations, and industry best practices.
Data Risk Oversight
- Provide independent oversight of data risk management practices, ensuring effective governance across data lifecycle activities including data acquisition, storage, processing, and usage.
- Review and challenge data management controls covering data quality, classification, retention, and protection.
- Assess the adequacy of data security measures, including encryption, access management, and data loss prevention.
- Evaluate compliance with data-related regulatory requirements and internal policies (e.g., data privacy, cross-border data transfer, and data ethics).
- Partner with data security and architecture teams to strengthen enterprise data management frameworks and control standards.
Applications Risk Oversight
- Oversee application risk management activities, focusing on control design and effectiveness across the software development lifecycle (SDLC) and production environments.
- Review and challenge application security controls, including secure coding, vulnerability management, and change management processes.
- Assess the adequacy of controls for critical business applications, ensuring resilience, integrity, and availability.
- Evaluate risks arising from application integrations, APIs, and data interfaces, ensuring appropriate segregation of duties and access controls.
- Support the development of application risk metrics and dashboards for management reporting.
Technology Risk Oversight
- Provide independent oversight of technology risk management activities performed by the First Line of Defence (1LOD).
- Review and challenge risk assessments, control testing, and remediation plans across key technology domains including cloud, infrastructure, and cybersecurity.
- Contribute to the enhancement of GIC’s technology risk frameworks, policies, and standards.
- Advise on emerging technology risks such as automation, data analytics, and AI adoption, ensuring alignment with regulatory and industry standards.
Independent Oversight and Assurance
- Conduct thematic and targeted reviews to assess the adequacy and effectiveness of data and application controls.
- Provide independent challenge to 1LOD risk assessments, control testing, and mitigation strategies.
- Partner with internal audit and other assurance functions to ensure comprehensive coverage of technology risk areas.
- Report key risk exposures, control weaknesses, and emerging issues to senior management and governance committees.
Incident Oversight and Continuous Improvement
- Oversee significant data or application-related incidents, ensuring proper escalation, root cause analysis, and remediation follow-up.
- Ensure lessons learned are embedded into risk management practices and control enhancements.
- Stay abreast of evolving regulatory expectations and industry developments in data and application risk management.
- Drive continuous improvement in oversight practices and promote a strong risk culture across technology and business teams.
What qualifications or skills should you possess in this role?
- 8–12 years of experience in technology risk management, assurance, or audit functions, preferably within financial institutions or regulated environments.
- Strong expertise in AI, data and application risk management, with a solid understanding of control frameworks, risk methodologies, and emerging technology domains.
- Proven experience in assessing application and data-related controls, including SDLC, data governance, and access management.
- Familiarity with technology and data risk frameworks (e.g., MAS TRM, ISO 27001, NIST, COBIT, DAMA-DMBOK).
- Strong understanding of regulatory expectations related to data protection, privacy, and technology risk management.
- Excellent analytical, communication, and stakeholder management skills, with the ability to influence senior management and technical teams.
- Strong organizational and problem-solving skills, with the ability to manage multiple priorities in a dynamic environment.
- Commitment to continuous learning and staying current with evolving data, application, technology and AI risk landscapes.
Work at the Point of Impact
We need to be forward-looking to attract the right people to help us become the Leading Global Long-term Investor. Join our ambitious, agile, and diverse teams - be empowered to push boundaries and pursue innovative ideas, share your views, and be heard. Be anchored on our PRIME Values: Prudence, Respect, Integrity, Merit and Excellence, which guide us in how we make our day-to-day decisions. We strive to inspire. To make an impact.
Flexibility at GIC
At GIC, our offices are vibrant hubs for ideation, professional growth, and interpersonal connection. At the same time, we believe that flexibility allows us to do our best work and be our best selves. Thus, our teams come into the office four days per week to harness the benefits of in-person collaboration, but have the flexibility to choose which days they work from home and adjust this arrangement as situational needs arise.
GIC is an equal opportunity employer
As an employer, we passionately believe that every individual brings a unique diversity of thought and perspective that meaningfully enriches GIC teams and drives competitive performance. An inclusive environment yields exceptional contribution.
Learn more about our Risk & Performance Management Department here:
https://gic.careers/group/risk-performance-management/