Position: Risk and Control Analyst
Location: Singapore (CBD Area)
Arbeit Group is hiring for a Risk and Control Analyst role with one of our clients in Singapore to strengthen their Technology Risk, Governance, and Compliance function.
Key Responsibilities
Risk Management
- Conduct IT risk assessments and develop/implement risk mitigation and control plans
- Ensure proper visibility, escalation, and management of technology risks across IT services and day‑to‑day operations
- Review and manage risk issues recorded in GRC tools, ensuring timely assessment and closure
- Collaborate with the Second Line of Defense (Technology Risk) on periodic Control Self‑Assessment (CSA) exercises
- Identify emerging technology risks, assess impact and likelihood, and define mitigation strategies
Compliance & Audit
- Ensure compliance with IT policies, standards, MAS regulations, and PDPA
- Coordinate IT and Technology Risk audits and manage audit findings and remediation
Governance, Reporting & Awareness
- Facilitate IT Risk governance training and awareness programs
- Promote a strong culture of risk and control across the Technology division
- Monitor Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs)
- Report IT governance and risk posture to Risk Committees and senior management, clearly articulating inherent and residual risks
Requirements
- Diploma or Degree in Computer Science, Information Technology, or related field
- Have 3–5 years of experience in Technology Risk, specifically in: IT Risk Management, IT Controls & Governance, Technology Compliance, Cyber / Network Risk (risk & control perspective), IT Audit or Risk Assurance
- Strong familiarity with MAS regulatory requirements, including: Technology Risk Management (TRM), Applicable MAS Notices, Guidelines, and Advisories, PDPA
- Experience working with or alongside risk & control frameworks covering: IT Operations Risk, Information Security Risk, Network or Cyber Security from a risk, control, and governance standpoint
- Have experience in Risk AND Control → Experience must involve identifying, assessing, and managing IT risks with defined controls
- Experience in Networking or Cyber Security → From a risk, compliance, governance, or control perspective
- ❌ NOT NOC → This role is NOT for Network Operations Center, monitoring engineers, or run‑the‑shift operational roles
- Experience with GRC tools, risk registers, control assessments, and audit tracking
- Professional certifications such as CISA, CISM, CISSP, CRISC, and ITIL are highly beneficial
Pay: $2,000.00 - $3,500.00 per month
Work Location: On the road