IT Compliance & Governance Specialist – Marina bay HarborFront – Singapore


IT Compliance & Governance Specialist
Job no: 494252
Work type: Full-Time
Location: HarborFront Office
Categories: Information Technology, Audit
Develop, refine and implement information security policies, standards, procedures, checklists, and guidelines to meet the compliance and regulatory requirements
Review and update policies on yearly / quarterly basis
Coordinate and support IT compliance activities across technology and business projects
Develop and manage IT risk and security for multiple IT functional areas (e.g., applications, systems, and network) across the organization
Execution of procedures and controls to assure compliance with applicable regulatory and legal requirements as well as good business practices
Lead and execute formal risk analysis and compliance self-assessments for various IT systems and processes and ensure assessments completed timel

Analyse delivery and operation processes and requirements to determine conformance to security policies and procedures

Identify tasks and controls necessary to remediate identified risks and vulnerabilities; negotiate dates for remediation to be complete

Support and track technology delivery and operation teams on remediation of new and outstanding issues
Identify, document, and assess information security vulnerabilities and risks in the information technology environment and identify systems affected
Inform stakeholders about compliance and security-related issues and activities affecting the assigned area or project
Support all IT aspects of external / internal reviews and audits (e.g., SOX, PCI)
Work with delivery team in the preparation of the incident reporting
Work with Audit to ensure proper risk management and audit compliance
Develop and deliver IT risk & security awareness and compliance training programs
Provide risk and security briefings to advise on critical issues that may affect the business
Stay knowledgeable of current advances in all areas of information technology concerning vulnerabilities, security breaches or malicious attacks


At least 4 – 5 years of combined IT and security work experience with a broad range of exposure to systems analysis, application development, systems administration
Ability to work well with key business partners across sectors and internal IT teams in a collaborative manner
Strong communications skills to be able to interact with technical and non-technical colleagues
Strong interest in IT risk management and keep abreast of the dynamic threat landscape
Maintains an up-to-date understanding of industry best practices.
Working knowledge of security issues, techniques and implications across computer platforms.
Familiarity with one or more of the following areas: application security, OS system security, database security, networking, mobile device security, cloud technologies, payment card, and web technologies
Working knowledge of SDLC, Change Control, and SQA methodologies, techniques, and general principles
Working knowledge in performing risk assessments
Knowledge in the following standards / regulatory directives: ISO 27001, SOC1, SOC2, PCI DSS, Sarbanes-Oxley, PDPA, OWASP
Knowledge and experience in mapping 3rd party vendor procedures against SOX controls
ASQ Certified Quality Auditor (CQA) or Certified Software Quality Engineer (CSQE) desirable