Job Description: IT Risk & Assurance Manager
The IT Risk & Assurance Manager is a critical role responsible for leading and executing a wide range of internal and external IT audits, regulatory compliance reviews, and due diligence activities. You will provide expert advisory services to senior management, evaluating the effectiveness of the control environment, identifying key risks, and delivering actionable recommendations that enhance operational efficiency and mitigate threats. This position requires a professional with deep technical expertise in IT controls, regulatory frameworks like MAS and ABS guidelines, and a proven track record in high-stakes environments such as M&A transactions.
Key Responsibilities:
IT & Business Process Audits:
Lead and execute end-to-end external and internal IT audits and business process reviews for critical business areas and their supporting applications.
Conduct in-depth walkthroughs of business processes to identify inherent risks and evaluate the design and effectiveness of key management controls.
Assess and test the internal control environment, evaluate the results of test work, and develop clear, concise recommendations to mitigate residual risks.
Communicate audit findings, risk implications, and strategic recommendations to key management and stakeholders.
Regulatory & Third-Party Assurance:
Lead third-party audit engagements (OSPAR), assessing entity-level controls, general IT controls (GITC), and service controls against the Association of Banks in Singapore (ABS) Outsourcing Guidelines.
Conduct comprehensive regulatory compliance reviews, providing expert recommendations to ensure adherence to MAS Technology Risk Management (TRM) Guidelines and Cyber Hygiene Notices.
Oversee the delivery of Service Organisation Control (SOC 1 / SOC 2) and ISAE / SSAE 3402 assurance reports, ensuring quality and compliance.
Qualifications & Experience:
Bachelor's degree in Information Technology, Computer Science, Accounting, Business, or a related field.
5-7+ years of progressive experience in IT audit, risk management, cybersecurity, or technology consulting.
Proven experience leading internal / external audits and risk assessments from planning to reporting.
Demonstrable experience conducting IT due diligence for M&A transactions (experience with 5+ deals is highly desirable).
In-depth knowledge of regulatory frameworks, specifically MAS TRM Guidelines, Cyber Hygiene Notices, and ABS Outsourcing Guidelines.
Hands-on experience in delivering SOC 1 / SOC 2 or ISAE / SSAE 3402 assurance reports.
Experience with ERP and HRIS systems (e.g., SAP, Workday) and their associated control environments is a strong plus.
Professional certification such as CISA, CISM, CRISC, or CISSP is highly preferred.
It Manager • Hong Kong, Hong Kong, HK