Jobs at SGX Group (Now Hiring) — 7 open

Job Summary

Reporting to the Validation Lead, the Line 1.5 assurance role provides independent, control-focused assurance within Technology. The role evaluates the design and operating effectiveness of controls across technology and processes. It partners closely with First Line control owners, leveraging data-driven and continuous assurance to identify control gaps earlier and strengthen regulatory control alignment.

Job Responsibilities

Control Assurance and Testing

• Perform independent validation of key Technology controls, assessing design and operating effectiveness of controls related to areas such as cybersecurity, IT operations, data governance, change management, outsourcing, and access management.
• Assess adherence to internal policies, standards, and regulatory requirements (e.g., MAS TRM, MAS Cyber Hygiene Notices, Outsourcing Guidelines, CCoP).
• Document validation findings and providing clear, actional recommendations.
• Develop and implement continuous validation use cases to provide more timely control gap identification and reduce reliance on manual testing.

Regulatory Compliance

• Support the interpretation and implementation of regulatory expectations (e.g., MAS TRM, MAS Cyber Hygiene Notices, Outsourcing Guidelines, CCoP).

Risk Governance, Reporting, and Stakeholder Engagement

• Prepare validation reports for Technology management and risk committees with clear risk articulation, prioritised recommendations, and target implementation dates.
• Engage constructively with stakeholders across Line 1, 2, and 3, promoting a strong risk and control culture.

Job Requirements

• Bachelor’s Degree with 5 to 7 years of relevant experience within financial institutes in the areas of Technology Risk Management/ Audit/ Governance, and Data Analytics.
• Relevant professional certifications such as CISA, CISM, CISSP, CRISC or equivalent.
• Strong understanding of IT processes such as SDLC, change management, cloud, infrastructure operations, and cybersecurity.
• Understanding of AI and Generative AI concepts, associated risks, and governance considerations, including model risk, data privacy, security, explainability, bias, accountability, and human oversight.
• Experience participating in AI governance, technology risk, model risk management, or assurance reviews involving AI or Generative AI solutions.
• Familiarity with Singapore regulatory expectations (e.g., MAS TRM, MAS Cyber Hygiene Notices, Outsourcing Guidelines, CCoP).

Preferred Skills:

• Good communication and writing skills, especially in summarising risks and controls clearly for senior stakeholders.
• Ability to independently conduct reviews, perform control design assessment, process walkthroughs, evidence, and identify root causes.
• Ability to provide constructive challenges while maintaining a strong relationship with stakeholders and control owners.
• Independent, detail-oriented, and capable of managing multiple priorities.
• Familiarity with industry AI governance frameworks and regulatory guidance, such as MAS FEAT Principles, NIST AI Risk Management Framework (AI RMF), or equivalent frameworks will be an advantage.
• Experience in applying data analytics and automation using BI Tools (such as Power BI, Tableau, QlikView), and Programming/ Scripting Languages (such as SQL, Python, Alteryx) to enhance control testing will be an advantage.