Logo for GIC

Career Opportunities: AVP, Information & Technology Risk Manager (Audit Management) (17289)

Role overview

Qualifications

  • Bachelor’s degree in Information Technology, Computer Science, Information Systems, Risk Management, or a related field
  • Minimally 5 years of relevant experience in IT audit, IT risk, IT compliance, or a technology control/audit coordination role
  • Strong understanding of IT audit methodologies, IT general controls, and control frameworks (e.g. COBIT, NIST CSF, ISO/IEC 27001)
  • Professional certifications such as CISA (Certified Information Systems Auditor), CISM, or CIA are strongly preferred

Responsibilities

  • Act as the primary liaison between the regulator’s audit team and internal technology teams throughout the audit lifecycle
  • Gather, collate and manage audit evidence and supporting documentation requested by the regulatory audit team
  • Review and quality-assure management responses to audit observations and findings
  • Build strong relationships with regulators, technology teams and control owners to ensure consistent messaging and smooth audit delivery

Key facts

Other skills

  • Communication
  • Presentations
  • Detail Oriented

About the company

GIC logo

GIC

Financial Services

Established in 1981 to manage Singapore's foreign reserves, we strive to achieve good long-term real returns on assets under our management to preserve and enhance the value of Singapore's reserves. We have investments in over 40 countries and are headquartered in Singapore, with 11 offices in key financial cities worldwide.

Company details

Company typeLarge
IndustryFinancial Services
Company size1001 - 5000

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

 

Location: Singapore

Job Type: Permanent

Req ID: 17289 

 

GIC is one of the world’s largest sovereign wealth funds. With over 2,000 employees across 11 locations around the world, we invest in more than 40 countries globally across asset classes and businesses. Working at GIC gives you exposure to an extraordinary network of the world’s industry leaders. As a leading global long-term investor, we Work at the Point of Impact for Singapore’s financial future, and the communities we invest in worldwide.

 

Risk and Performance Management Department (RPMD)
We work collaboratively across teams to help guard against blind spots and ensure that all relevant risks are considered and duly addressed.


Information & Technology Risk Management

You will be a part of a team that independently protects the firm’s information technology assets, including business data, from external threats and operational risks, while supporting the firm’s digitalisation journey in a secure manner.

 

What will you do as an AVP, Information & Technology Risk Manager?

The Technology Governance Oversight – Audit Management Specialist will play a key role in managing the organization’s technology-related regulatory audits, serving as the central point of coordination between external regulatory audit teams and internal technology teams. The role is responsible for facilitating the timely and quality provision of audit evidence, reviewing evidence and responses for relevancy and completeness, and ensuring that audit observations are appropriately addressed. This second-line role focuses on strengthening the organization’s technology audit and control posture through effective engagement, review and challenge. The ideal candidate will have a strong understanding of IT audit requirements and technology processes, together with the technical ability to review system artefacts — including configurations at the operating system, database and application layers — and to assess whether evidence adequately demonstrates the controls being tested.

 

Regulatory Audit Liaison & Coordination

  • Act as the primary liaison between the regulator’s audit team and internal technology teams throughout the audit lifecycle.
  • Interpret and translate IT audit requirements and information requests from regulators into clear, actionable requests for the relevant internal technology teams.
  • Coordinate audit workstreams, timelines and deliverables across multiple internal stakeholders and control owners.
  • Organize and facilitate opening, progress-update and closing meetings between auditors and internal teams.

 

Evidence Management & Review

  • Gather, collate and manage audit evidence and supporting documentation requested by the regulatory audit team.
  • Review submitted evidence for relevancy, completeness, accuracy and quality before it is provided to auditors, ensuring it fully addresses the underlying request.
  • Review system artefacts and technical evidence — including configuration settings at the operating system, database and application layers — to assess whether they adequately demonstrate the control being evidenced.
  • Maintain a structured repository and tracker of all audit requests, evidence submitted, and outstanding items.

 

Review of Responses & Observations

  • Review and quality-assure management responses to audit observations and findings, ensuring they are complete, well-supported and appropriately address the issue raised.
  • Partner with business and technology teams to understand root causes, validate proposed corrective actions, and track remediation of findings through to closure.
  • Escalate significant issues, gaps or delays to team lead on a timely basis.

 

Stakeholder Engagement & Collaboration

  • Build strong relationships with regulators, technology teams and control owners to ensure consistent messaging and smooth audit delivery.
  • Support team lead in the regulatory audit engagements by executing assigned workstreams, preparing evidence and draft responses, and escalating issues to the engagement lead in a timely manner.
  • Collaborate with various stakeholders to embed sound audit-readiness and control practices into the organization’s culture.

 

What qualifications or skills should you possess in this role?  

  • Bachelor’s degree in Information Technology, Computer Science, Information Systems, Risk Management, or a related field.
  • Minimally 5 years of relevant experience in IT audit, IT risk, IT compliance, or a technology control / audit coordination role, ideally within financial services or large organizations.
  • Strong understanding of IT audit methodologies, IT general controls, and control frameworks (e.g. COBIT, NIST CSF, ISO/IEC 27001).
  • Hands-on familiarity with system environments and the ability to interpret and review configurations across operating systems, databases and applications.
  • Knowledge of the regulatory and industry standards such as the CSA Cybersecurity Code of Practice, MAS Notice and Guidelines on Technology Risk Management, MAS Notice on Cyber Hygiene, Singapore Government Instruction Manual on ICT and Smart Systems Management (IM8), and similar standards will be advantageous.
  • Professional certifications such as CISA (Certified Information Systems Auditor), CISM, or CIA are strongly preferred.
  • Excellent communication, presentation, and stakeholder management skills, with the ability to translate technical detail for non-technical audiences and vice versa.
  • Meticulous attention to detail with a critical, review-oriented mindset and sound judgement in assessing the sufficiency and relevance of evidence.

 

Work at the Point of Impact
We need to be forward-looking to attract the right people to help us become the Leading Global Long-term Investor. Join our ambitious, agile, and diverse teams - be empowered to push boundaries and pursue innovative ideas, share your views, and be heard. Be anchored on our PRIME Values: Prudence, Respect, Integrity, Merit and Excellence, which guides us in how we make our day-to-day decisions. We strive to inspire. To make an impact.

 

Flexibility at GIC
At GIC, our offices are vibrant hubs for ideation, professional growth, and interpersonal connection.  At the same time, we believe that flexibility allows us to do our best work and be our best selves.  Thus, our teams come into the office four days per week to harness the benefits of in-person collaboration, but have the flexibility to choose which days they work from home and adjust this arrangement as situational needs arise.

 

GIC is an equal opportunity employer 
As an employer, we passionately believe every individual brings with them unique diversity of thought and perspectives to meaningfully enrich perspectives of GIC teams to drive competitive performance. An inclusive environment yields exceptional contribution.

 

Learn more about our Risk & Performance Management Department here:

https://gic.careers/group/risk-performance-management/

 

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

Risk Manager Related jobs

Other jobs at GIC

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.