Senior Manager, Governance, Risk & Compliance

About The Role

You will lead the day-to-day management of FINEXUS governance, risk, compliance and information security frameworks, while helping shape how these capabilities evolve over the next 3–5 years. This is a player-coach leadership role: you will develop a team of specialists while remaining hands-on in key risk, security and compliance decisions, engaging credibly with engineering teams on technical risk and security trade-offs.

Working closely with engineering, product and leadership, you will ensure that risk management and compliance are embedded into design, build and run — influencing decisions early rather than validating them after the fact. You will strengthen governance maturity by operationalizing the Three Lines of Defense (3LoD), clarifying decision rights and escalation paths, and ensuring clear accountability for risk ownership, oversight and assurance.

You are expected to bring strong cybersecurity judgment — not to operate security systems directly, but to shape security decisions, challenge technical assumptions, and ensure security considerations are embedded into architecture and operations.

Why This Role Matters To Us

We build the technology that keeps banking and payments in Malaysia running every day. At FINEXUS, trust, security, regulatory integrity and strong governance are fundamental to the platforms that power financial transactions across the ecosystem.

As Senior Manager, Governance, Risk & Compliance, you will shape and lead both the strategic direction and day-to-day execution of GRC practices that safeguard FINEXUS technology platforms. You act as the critical bridge between regulatory expectations, enterprise governance and operational execution, ensuring our systems scale responsibly while maintaining the trust of financial institutions and regulators.

Key Responsibilities

Risk Management & Governance Execution

• Lead the implementation and management of the enterprise risk management framework at the operational level.
• Maintain the enterprise risk register, ensuring risks are systematically identified and mitigated across technology and business functions.
• Operationalize the Three Lines of Defense, ensuring that the 1st line (Operations) and 2nd line (Risk) work in seamless alignment.

Regulatory Compliance & Audit Leadership

• Lead all internal and external audits, including PCI-DSS and BNM assessments, managing the end-to-end evidence collection and remediation process.
• Act as the Subject Matter Expert (SME) for payment security standards, overseeing Cryptographic Key Management and secure data handling protocols.
• Monitor regional regulatory shifts (e.g., BNM, MAS) and translate them into actionable operational policies.

Information Security & Data Governance

• Support the development of the ISMS and ensure security-by-design principles are integrated into the product development lifecycle.
• Manage cross-border data transfer controls and ensure regional privacy compliance (PDPA).
• Oversee cybersecurity risk assessments and security control monitoring initiatives.

Resilience & Team Leadership

• Coordinate BCP/DR drills to ensure the resilience of banking infrastructure.
• Lead and mentor the Risk & Compliance team, setting quarterly OKRs that align with FINEXUS strategic growth.
• Support vendor governance and third-party risk management activities.

Key Requirements

Education & Experience

• Bachelor's or Master's degree in Information Security, Computer Science, or Risk Management.
• Minimum 8–10 years of progressive experience in risk management, regulatory compliance, or information security.
• Proven track record within highly regulated environments (Fintech, Digital Payments, or Banking Infrastructure).
• Minimum 3 years of experience leading or mentoring a team of specialists.

Technical Expertise

• Regulatory Mastery: Deep, hands-on familiarity with BNM RMiT, PCI-DSS, and PDPA, AMLA.
• GRC & 3LoD: Proven experience implementing or managing the Three Lines of Defense model and enterprise GRC frameworks.
• Security & Resilience: Strong understanding of ISMS (ISO 27001), ISO9001 and experience managing the full lifecycle of BCP/DRP testing.
• Audit Leadership: Experience leading successful regulatory audits and managing complex remediation programs across technical teams.

Preferred / Good-to-Have

• Professional Certifications: CISM, CISSP, CISA, or CDPM.
• Payment Specialist Knowledge: Exposure to PCI 3DS and cryptographic Key Management.
• Regional Experience: Engagement with regulators across Southeast Asia (BNM, MAS, OJK).

Technical Scope

• Regulatory: BNM RMiT • AMLA / AML-CFT • PCI-DSS • PCI 3DS • PDPA.
• Governance: Enterprise GRC • 3LoD • ISMS • ITGC • ISO 27001 • SOC 2 • ISO 9001.
• Resilience: BCP/DRP • Incident Management • Key Management Oversight.

Expected Outcome From This Role

• Ensure continuous compliance of FINEXUS platforms with BNM RMiT, PCI‑DSS, PDPA, AMLA/AML‑CFT and other applicable standards.
• Establish data‑driven GRC practices that give leadership clear, actionable insights into risk exposure, control effectiveness and readiness.
• Own the audit lifecycle, leading regulatory engagements and certifications while ensuring zero surprises through proactive remediation and governance reporting.
• Drive operational resilience by ensuring BCP/DRP, incident governance and key management frameworks are technically robust, regularly tested and reported at governance forums.
• Cultivate a security‑first, compliance‑by‑design culture, translating complex regulatory and governance requirements into practical habits for engineering and business teams.