The Business Risk team
Our team helps organisations tackle issues around governance, risk, and controls so that they can make strategic and risk-informed decisions. We support financial institutions and other businesses by conducting internal audits, assessing the effectiveness of their internal audit teams, reviewing internal controls, advising on regulatory compliance, and improving governance through enterprise risk management.
At the heart of our young and dynamic team is a growth mindset. The non-silo culture allows our team to openly bring up questions and ideas to the leaders. In turn, our leaders are dedicated to helping our team nurture their skills and grow in their careers. During peak periods, our team work closely together and support one another to bring value to clients in a timely manner. The team primarily works with clients in the financial services industry and projects may entail cross-border collaboration with other GT member firms and international travel.
The role
In this position, you will work closely with the team to plan and execute projects and you will play a key role in the successful delivery of services to clients. You will be able to gain experience in a great variety of work under the coaching of your leaders. You will be given the autonomy to work independently and to guide junior members of the team. The seniority of role offered will be determined by relevant experience and skills.
Responsibilities
- Conduct assessments on client’s information technology (“IT”) infrastructure, system and processes including identifying key or emerging risks and gaps against related MAS regulations (i.e., technology risk management, cyber hygiene and PDPA)
- Leading and executing projects or engagements for a variety of clients, including planning, interviews/workshops with key stakeholders/ senior management, including:
- Evaluating the design and operating effectiveness of technology and cyber risk management;
- Review and test IT general and application controls, system development and implementation and data conversion, including review over APIs and database integration; and
- Perform reviews over data protection and privacy.
- Communicating of identified observations/ gaps to key stakeholders or senior management, as well as providing industry leading practices on technology and cyber improvement opportunities
- Preparing written reports, organising closing meetings, wrapping up of work files, and supporting in the closure of the project or engagement
- Supporting the building and maintenance of client relationships and assisting management with business development for technology and cyber risk opportunities
- Keeping abreast of technology risk and cybersecurity regulations
Qualifications and requirements
- Recognised bachelor’s or master’s degree in IT or computer science or related IT specialisation;
- At least 3-5 years of technical experience in performing reviews over the following areas:
- Technology and cyber risk management including assessments against MAS Technology Risk Management, Cyber Hygiene and PDPA notices and guidelines;
- IT internal audit covering assessment of IT infrastructure, general and application controls review; or
- IT Governance and Security reviews.
- Knowledge on IT infrastructure and ability to understand ERP system configurations
- Experience implementation and integration of governance, risk and compliance tools is highly preferred
- Some work experience in a professional services/ consulting firm or industrial/commercial IT internal audit
- Professional qualification in IT risk, e.g., CISA or CIA
- Strong sense of accountability, good time management and project management skills
- Effective report writing skills, proficiency with MS Office, strong analytical and interpersonal skills
- Candidates with data visualisation and analytics skills will have an advantage
