Assist in conducting due diligence on third-party service providers, focusing on their IT controls and risk management practices.
Review and analyze documentation related to third-party arrangements to ensure compliance with regulatory guidelines on outsourcing and non-outsourcing arrangements.
Identify potential risks and gaps in third-party IT controls and recommend mitigation strategies.
Support the execution of TPRM frameworks and other policies related to IT Outsourcing and Third Party Management, particularly those related to IT controls.
Collaborate with internal teams and third-party vendors to ensure ongoing compliance and effective risk management.
Stay informed about updates to regulations and industry best practices in TPRM and IT controls.
Prepare reports and presentations on TPRM assessments and findings.
Requirements:
Bachelor's degree in information technology, computer science, cybersecurity, risk management, or a related field.
4+ years of experience in risk management, IT controls, cybersecurity, or a related area.
Certifications such as Certified Information Systems Auditor (CISA) or Certified in Risk and Information Systems Control (CRISC) are advantageous but not mandatory.
Strong analytical and problem-solving skills.
Excellent communication and interpersonal skills to work effectively with internal and external stakeholders.
Ability to manage multiple projects and prioritize tasks in a fast-paced environment.
Knowledge of MAS regulations, particularly TPRM and technology risk management; knowledge of other regulatory requirements related to Outsourcing and Third-Party Management in other APAC countries will be a strong advantage.
Understanding of IT controls, cybersecurity, and data protection; familiarity with audit processes or frameworks like COBIT is a plus.
A can-do attitude, passion for challenges, ability to build relationships with stakeholders, and commitment to staying updated on regulatory changes.