VP/SVP, Information & Technology Risk Manager (Control Assurance & Enablement)
Singapore, SG
GIC is one of the world’s largest sovereign wealth funds. With over 2,000 employees across 11 locations around the world, we invest in more than 40 countries globally across asset classes and businesses. Working at GIC gives you exposure to an extraordinary network of the world’s industry leaders. As a leading global long-term investor, we Work at the Point of Impact for Singapore’s financial future, and the communities we invest in worldwide.
Risk and Performance Management Department (RPMD)
We work collaboratively across teams to help guard against blind spots and ensure that all relevant risks are considered and duly addressed.
Information & Technology Risk Management
You will be a part of a team that independently protects the firm’s information technology assets, including business data, from external threats and operational risks, while supporting the firm’s digitalisation journey in a secure manner.
What will you do as a VP/SVP, Information & Technology Risk Manager (Control Assurance & Enablement)?
You will lead GIC's Control Assurance function within ITRM in the Second Line of Defence (2LOD). The function provides independent assurance over the effectiveness of technology and operational risk controls across the firm. You will run the team from day one, set its direction, and grow its capability as the remit expands. This is a senior technical role: it calls for strong hands-on expertise in control assurance, sound judgment on complex issues, and the credibility to work effectively with control owners, other risk functions, internal audit, and senior management.
Day-to-day, you will lead control assurance engagements, thematic reviews, and validation work covering technology, cybersecurity, information, and AI risk. You will work closely with the first line to give a fair, independent view of where controls stand, and with internal audit and other assurance functions to keep coverage aligned. You will also present findings and views to senior management and to governance and risk committees and help shape the methodologies and standards the function uses.
Key Responsibilities
Technical Leadership and Subject Matter Expertise
- Serve as the senior point of expertise on technology, information, and cybersecurity control assurance, providing independent challenge and practical advice to first-line leaders, control owners, and other risk professionals.
- Scope, plan, and run complex and sensitive assurance engagements, setting the standard for quality and rigour within the team.
- Manage and develop the Control Assurance team, including setting priorities and building technical depth.
- Own the risk-based annual assurance plan and coverage decisions, informed by the firm's risk profile and emerging threats, and coordinate scope with internal audit and other assurance functions to avoid duplication.
Control Design Testing and Assurance
- Design and run independent testing to assess the design effectiveness of key controls across technology, information, cybersecurity, and AI risk, involving control owners early so testing is well-scoped and useful.
- Lead end-to-end control assurance across cybersecurity, IT infrastructure, data management, AI, and information risk, with a focus on depth, quality, and delivery on time.
- Ensure testing aligns with internal policies, regulatory expectations, and industry standards, and that test plans, results, and conclusions are documented to an audit-ready standard.
Thematic Reviews and ORSA (Operational Risk Self - Assessment) Control Validation
- Run thematic reviews on key risk areas to identify systemic control weaknesses, emerging risks, and improvement opportunities across the firm.
- Provide independent oversight of and challenge to the First Line of Defence (1LOD) assessments produced through the Operational Risk Self-Assessment (ORSA) process, and work with 1LOD teams to improve the quality and consistency of what they produce.
- Assess ORSA results across the firm for consistency, completeness, and accuracy, and check that they line up with GIC's risk appetite and control framework.
- Give senior management and committees an independent view on how robust the control self-assessments are and whether mitigation measures are adequate.
Risk Oversight and Governance
- Provide senior-level oversight of and challenge to 1LOD risk assessments, control testing, and remediation plans; work with control owners to agree workable fixes; and escalate significant issues when needed.
- Draw out key risk themes and control trends from testing results and data analysis to inform senior management and Board reporting.
- Maintain effective working relationships with internal audit, and other assurance functions so that coverage is coordinated and effort is not duplicated.
- Write assurance reports and produce dashboards covering testing results, thematic findings, and key observations for management and governance committees, and present them in person where required.
- Improve how the function operates over time, including through automation, data analytics, and continuous monitoring.
Continuous Improvement and Risk Culture
- Keep up with best industry standards, technology risk trends, and developments in control assurance, and feed relevant changes into the function's methods and tools.
- Refine control frameworks and testing approaches based on lessons learned, thematic findings, and industry practice.
- Support a strong risk and control culture across the firm through senior engagement, awareness sessions, and knowledge sharing with 1LOD and other risk functions.
- Raise the maturity of the 2LOD assurance function by making testing and review activities more consistent, efficient, and insightful over time.
What qualifications or skills should you possess in this role?
- 12+ years in technology or cybersecurity control assurance or audit, ideally within financial institutions or other regulated environments, with a solid track record as a hands-on senior practitioner.
- Strong, demonstrable expertise in control testing, control design evaluation, and issue validation on complex, high-risk engagements.
- Working knowledge of control frameworks such as COSO, COBIT, ISO 27001, and NIST, and of risk management methodologies, with the ability to set internal standards.
- Proven experience conducting thematic reviews and assessing control effectiveness against ORSA or equivalent self-assessment frameworks.
- Good working knowledge of technology and operational risk areas including cybersecurity, IT infrastructure, data security, AI, and third-party risk.
- Strong analytical and problem-solving skills, with the ability to get to root causes and land practical solutions.
- Strong written and verbal communication, with a track record of advising and influencing senior management, committees, and control owners.
- Proven ability to manage and develop a team of senior technical practitioners in a specialist function.
- Experience using data analytics or automation to modernise control testing is a plus.
- Professional certifications such as CISA, CRISC, CISSP, or equivalent are strongly preferred.
Work at the Point of Impact
We need to be forward-looking to attract the right people to help us become the Leading Global Long-term Investor. Join our ambitious, agile, and diverse teams - be empowered to push boundaries and pursue innovative ideas, share your views, and be heard. Be anchored on our PRIME Values: Prudence, Respect, Integrity, Merit and Excellence, which guides us in how we make our day-to-day decisions. We strive to inspire. To make an impact.
Flexibility at GIC
At GIC, our offices are vibrant hubs for ideation, professional growth, and interpersonal connection. At the same time, we believe that flexibility allows us to do our best work and be our best selves. Thus, our teams come into the office four days per week to harness the benefits of in-person collaboration, but have the flexibility to choose which days they work from home and adjust this arrangement as situational needs arise.
GIC is an equal opportunity employer
As an employer, we passionately believe every individual brings with them unique diversity of thought and perspectives to meaningfully enrich perspectives of GIC teams to drive competitive performance. An inclusive environment yields exceptional contribution.
Learn more about our Risk & Performance Management Department here: