Singapore
• Developed an unscheduled downtime calculation framework compliant with MAS FSM N-05 requirements, ensuring regulatory adherence.
• Transitioned the bank's system criticality framework from a binary to a tiered approach with the buy-in of the C-suite, enhancing the bank's risk assessment capabilities.
• Redesigned the bank's technology control compliance workflow to align with MAS Notices FSM N-05 and FSM N-06 and the bank's internal policies.
• Managed technology audits including the SOX audit, statutory audit (ITGC and ITAC), integrated audit, and thematic audits by both Internal and External Audit teams.
• Conducted risk assessments and control reviews, provided advisory, and led issue tracking to closure, fostering a proactive risk management culture in the Technology team.
• Maintained and enhanced frameworks and policies to mitigate technology-related risks, ensuring compliance with MAS FSM N-05, FSM N-06, and the MAS TRM Guidelines.
• Developed and refined the bank's technology risk profile for committee meetings, ensuring alignment with risk appetite.
• Collaborated with the 1LoD to develop Key Risk Indicators for risk monitoring and management.
• Ensured effective closure of risk exposures by tracking technology risk in the bank's GRC tool.
• Reviewed RCSAs to ensure comprehensiveness and alignment with the organisation's objectives and the technology risk management framework.
• Performed gap analysis and compliance reviews to ensure that the organisation is compliant with regulatory requirements such as the MAS TRM Guidelines in order to facilitate local operations.
• Facilitated certification and compliance reviews for the company to obtain the MAS Major Payment Institution licence and SOC 2 Type 2 certification.
• Reviewed and enhanced processes using the NIST, ISO, and ITIL frameworks as baselines.
• Monitored KRIs and KPIs of security functional teams to detect areas of potential vulnerabilities and threats.
Cybersecurity
• Ensured the integrity of the ITGCs and assessed the maturity of the system configuration, network, and endpoint security of the Frasers entities.
• Systems audited include custom-built applications, SaaS applications, ERP (SAP), operating systems (Windows, Linux, Red Hat), cloud (AWS, Microsoft Azure), and firewalls.
IT & Data Governance
• Reviewed IT risk assessments performed to ensure coverage of key risks and implementation of mitigating controls to reduce the overall risk exposure.
• Reviewed the management of the PII lifecycle to ensure compliance with the local GDPR and PDPA data protection laws.
3rd Party & Cloud Governance
• Reviewed the process of vendor selection, onboarding, and monitoring.
• Reviewed Master Service Agreements, SOC reports, and the ISO 27001 statement of attestation to ensure accountability and integrity of the end-to-end IT controls.
• Performed assessment of the compliance of the Group's outsourced IT operations and SOC provider.
Audit Operations
• Automated data analytics test procedures, which involved data extraction, preparation, and analysis using ACL Robotics.
• Automated administrative tasks (sending surveys, report consolidation, email reminders) for GIA.
• Supported business audits in areas of operational reviews.
Countries audited – UK, Germany, Netherlands, Australia, China, Indonesia, Thailand, Saudi Arabia, and Singapore.
Industries audited – hospitality, industrial, development, and retail industries for listed and non-listed Frasers entities.
Technology Assurance
• Team-in-Charge for a quarterly certification audit reporting to the Casino Regulatory Authority.
• Managed multiple stakeholders; experienced in performing audits involving local and foreign offices.
• Analysed system output data using Excel and SQL to evaluate the IT security posture.
• Developed test approaches for automated controls involving in-house systems.
• Audits performed – business operations, 3rd party trust, Sarbanes-Oxley Act, IT general controls and automated controls, and host configuration review.
• Systems audited – custom-built applications, SaaS applications, ERPs (SAP, Oracle), operating systems (Windows, Linux).
• Industries audited – government agencies, integrated resorts, shipping companies, financial institutions, cryptocurrency, and insurance companies.
Technology Advisory
• Reviewed and enhanced the security posture of clients through P&P reviews and walkthroughs.
• Performed design gap assessments for clients during the build phase of the project.