Senior Vice President, Technology Risk and Control

Singlife is a leading homegrown financial services company, offering consumers a better way to financial freedom. Through innovative, technology-enabled solutions and a wide range of products and services, Singlife provides consumers control over their financial wellbeing at every stage of their lives. In addition to a comprehensive suite of insurance plans, employee benefits, partnerships with financial adviser channels and bancassurance, Singlife offers investment and advisory solutions through its GROW with Singlife platform. It also offers the Singlife Account, a mobile-first insurance savings plan. Singlife is the exclusive insurance provider for the Ministry of Defence, Ministry of Home Affairs and Public Officers Group Insurance Scheme. Singlife is also an official signatory of the United Nations Principles for Sustainable Insurance and the United Nations-supported Principles for Responsible Investment, affirming its commitment to finding a better way to sustainability. The merger of Aviva Singapore and Singlife was announced in September 2020 and created one of the largest homegrown financial services companies in Singapore in a deal valued at S$3.2 billion. It was the largest insurance deal in Singapore at the time. Singlife was subsequently acquired by Sumitomo Life in March 2024, one of Japan’s leading life insurers, which valued Singlife at S$4.6 billion, making the transaction one of the largest insurance deals in Southeast Asia. Purpose of the Role • Develop and implement strategies to manage and mitigate technology risks, including cybersecurity threats, and system failures. • This role involves overseeing IT policies, processes, and controls, ensuring compliance with regulations, and fostering a culture of ethical IT practices. • To interface with internal auditor and regulator(s) Key Responsibilities Strategic Leadership • Ensure alignment of IT strategies with business goals and regulatory requirements • Ensure compliance with the Group’s risk management framework and policies relating to technology and cyber risks. • Implement and manage comprehensive controls based on best practice methodologies such as ITIL, ISO27K, NIST CSF, COBIT Policy and Process Management • Monitor and evaluate the effectiveness of IT Procedures to ensure adherence to standards Risk Management • Conduct risk assessments and propose risk mitigating measures. • Ensure visibility, escalation, and management of IT risks inherent in the delivery of technology services and day to day operations for Tech management. • Review risk issues and events that are lodged in GRC tool and ensure that the root cause is properly identified, and appropriate remediation actions are in place. • Collaborate with the Second Line of Defense (Tech Risk) to conduct periodic control self-assessment exercises, ensuring the relevant tech control owners complete the control test correctly. • Identify emerging risks and trends, conduct thorough risk assessments, and implement effective mitigation strategies. Compliance and Audit • Conduct annual evaluation to ensure compliance with IT policies, standards and regulations • Coordinate IT audits and manage responses to audit findings Collaboration and Communication • Facilitate IT governance training and awareness programs for employees • Promote a strong IT risk culture across the Technology division Performance Monitoring and Reporting • Monitor key performance indicators and key risk indicators, and follow-up with Tech owners to address identified issues. • Report on IT risk and governance to tech senior management, Operational Risk Committee, Board Risk Committees and Board Audit Committees, if needed • Highlighting and articulating inherent risks to senior management People Management • Provide leadership and guidance to the Tech Risk and Control Governance team, fostering a high-performing and collaborative culture. • Navigate ambiguity and complexity inside and outside of team Key Decisions within the Role • Policy and Standards review and approvals • Perform Quality Assurance on Internal, external audit / control self-assessments artefact submissions • KPI and KRI reporting to Senior management Requirements • 12+ years of combination experience in consulting, auditing, managing and/or monitoring of IT Operations, Security, Risk and Compliance. • Familiar with MAS regulatory requirements including Technology related MAS notices, guidelines, advisories, PDPA • Industry certifications like CISA, CISM, CISSP, CRISC and ITIL will be beneficial • Proven ability to lead teams, build partnership and drive strategic initiatives