Define and lead the enterprise-wide technology governance strategy.
Oversee the establishment and maintenance of IT governance frameworks aligned to business goals and risk appetite.
Lead a team of specialists in policy development, risk governance, regulatory compliance, and technology assurance.
Serve as the primary interface with senior stakeholders, auditors, and regulators on governance matters.
2. Policy & Standards Management
Develop and maintain technology policies, standards, and guidelines aligned with regulatory requirements (e.g., MAS TRM, ISO 27001, NIST).
Ensure policies remain relevant through periodic reviews, incorporating regulatory updates and emerging technology risks.
Embed governance requirements into technology lifecycle and project management practices.
3. IT Risk & Control Oversight
Define risk tolerances and ensure governance structures support consistent risk assessment and treatment.
Oversee the implementation and continuous improvement of IT general controls (ITGC), including access, change, and incident management.
Provide second-line challenge and oversight of first-line technology risk assessments and controls testing.
4. Regulatory Compliance & Audit Readiness
Ensure compliance with applicable laws, regulations, and internal policies (e.g., MAS, GDPR, PDPA).
Coordinate responses to internal/external audits and regulatory inspections.
Track and report risk issues, audit findings, and remediation progress to senior management and board committees.
5. Assurance & Monitoring
Lead ongoing compliance monitoring and assurance activities to validate adherence to policies and standards.
Define and report on key governance and risk indicators (KGIs/KRIs) to senior stakeholders.
Implement continuous controls monitoring and automation for real-time assurance.
6. Stakeholder Engagement & Culture Building
Collaborate with Information Security, Risk, Legal, Compliance, and IT to promote a strong governance and risk culture.
Drive awareness, education, and communication initiatives to embed governance accountability across technology teams.
Bachelor's or Master's degree in Information Technology, Information Security, Risk Management, or a related field.
12+ years of experience in IT governance, technology risk, or audit functions, with at least 5 years in leadership.
Strong knowledge of regulatory frameworks (e.g., MAS TRM, GDPR) and IT standards (e.g., COBIT, ISO 27001, NIST).
Proven experience in policy management, compliance oversight, and control frameworks.
Strong leadership, stakeholder management, and communication skills.
Relevant certifications such as CISA, CRISC, CGEIT, CISSP, or equivalent.
Morgan Mckinley Pte Ltd
Pam Lim
EA Licence No: 11C5502
EAP Registration No: R1106192