Head of IT Compliance

About the team:

At Aspire we understand the importance of maintaining a strong culture of compliance to protect our organization and ensure the trust of our customers. Our Compliance Team is at the forefront of identifying and addressing regulatory risks implementing controls and ensuring that our policies and procedures align with regulatory requirements. This allows Aspire to stay ahead of evolving regulations proactively identifying potential risks and developing comprehensive risk mitigation strategies hence contributing to our long-term success.

About the role:

• Oversee organization's IT governance and risk management process.

• Oversee the development and implementation of policies and standards to support the IT governance framework.

• Identity manage and report information technology risks and issues mitigations and gaps to senior management and board.

• Engage senior management IT leaders and provide subject matter advisory to business.

• Oversee cybersecurity awareness program including email phishing simulations.

• Oversee enterprise vulnerability management program including vulnerability disclosure and bug bounty program.

• Establish IT Risk Control Framework

  • Oversee the execution and implementation of the privacy and data protection compliance programme globally including leading audits developing and implementing privacy policies and procedures and monitoring ongoing compliance with the privacy requirements.

  • Develop data governance framework and endure full compliance across jurisdictions the company operates;

  • Be the main escalation point of contact for privacy related inquiries and investigation from internal and external stakeholders including local data protection authorities.

  • Engage with senior management and the different tribes across Aspire to drive pragmatic approaches to privacy risk management to enable compliant growth in the region.

Minimum qualifications:

• Minimum 10 years of experience in IT security technology risk management IT governance and assurance or security consulting.

• Good knowledge and experience with legislation and compliance requirements such as Singapore Personal Data Protection Act (PDPA) European Union General Data Protection Regulation (GDPR) Monetary Authority of Singapore Technology Risk Management (TRM) guidelines and Payment Card Industry Data Security Standard (PCI DSS) as well as industry best practices/principles such as ISO27001 and National Institute of Standards and Technology (NIST) Cybersecurity Framework.

• Professional certification such as CISSP CISA CISM CRISC ARiMI CPRM & RIMS-CRMP

Preferred qualifications:

• Strong team player to work with various internal stakeholders to effectively implement the compliance program

• Experience in interacting with financial regulators in Singapore (preferably to have handled financial services-related license/registration applications)

• Proven experience in navigating and thriving in a matrix organization demonstrating the ability to effectively manage and communicate within an environment where various teams may influence project outcomes.

• Strong communication skills (both written and verbal)