Background
- We are seeking an experienced and results-driven Assurance Lead to drive the organization's assurance strategy, ensuring sustained compliance with the organization's policies and applicable regulatory requirements.
- This role is responsible for managing audit programs, ensuring compliance with the PCI DSS standard, conducting business-as-usual (BAU) control assessments, and managing third-party risks, while embedding a strong culture of risk awareness and continuous improvement across the organization.
Key Responsibilities
Leadership and Strategy
- Define and execute the organization's assurance strategy and roadmap aligned with the organization's policies, risk appetite and regulatory requirements
- Collaborate cross-functionally with IT, Risk & Compliance, Audit and Business Units to ensure consistent and effective control implementation
- Foster a culture of accountability, risk awareness and continuous improvement across the organization
Audit Management
- Lead end-to-end internal and external audit engagements, including planning, execution, reporting and remediation tracking
- Act as the primary liaison with auditors, regulators and stakeholders
- Ensure timely submission of audit deliverables and closure of audit findings with sustained remediation
PCI DSS Compliance Management
- Own and manage the organization's PCI DSS compliance program
- Perform annual Cardholder Data Environment (CDE) scoping and validation, ensuring completeness and accuracy of in-scope systems, network segments and processes
- Drive timely remediation of identified gaps, vulnerabilities and non-compliance issues
Business-as-usual (BAU) Control/Risk Assessments
- Establish a unified control framework aligned with the organization's policies and regulatory requirements
- Conduct periodic control effectiveness testing and risk assessments for systems and processes at planned intervals
- Identify gaps across technology, process and people, and recommend practical improvements
- Provide transparent oversight and reporting on remediation progress to both management and operational teams
Third-Party Security Risk Management
- Design and implement a third-party security risk management framework covering onboarding, ongoing monitoring and offboarding
- Lead risk-based due diligence scaled to business and system criticality as well as data sensitivity
- Maintain a centralized third-party register, ensuring identified risks are mitigated in line with the organization's risk appetite
Risk Management
- Articulate security and regulatory requirements and translate them into actionable remediation plans
- Maintain an up-to-date risk register, ensuring the risk mitigation actions are assigned and delivered on time
- Provide risk insights and recommendations to support informed decision making by management
Training & Awareness
- Develop and implement a risk-based security training and awareness plan aligned with the evolving threats and compliance needs
- Conduct role-based training tailored to different functions across the organization
- Foster a strong risk and compliance culture within the organization
Key Requirements
- Deep understanding of security and compliance frameworks, including PCI DSS, ISO 27001 and NIST, and of regulatory requirements (e.g. BNM RMiT, MAS)
- Proven experience in audit and risk management
- Strong analytical and problem-solving skills
- Strong grasp of risk assessment and prioritization
- Ability to interpret complex requirements and translate them into practical action items
- Good stakeholder management and communication abilities
- Professional certifications such as CISSP, CISA, CRISC or CISM are highly desirable