IT Security Analyst (Governance, Risk & Compliance)

Client introduction
Our client is an established financial institution, and regulated by the Monetary Authority of Singapore.
As part of strengthening its technology governance and security function, the firm is looking to hire an IT Security Analyst (Governance, Risk & Compliance) to join its infrastructure and security team. This role is well suited for someone with a foundation in IT risk, governance, assurance or security compliance, who is looking to build broader exposure across cyber governance, audit, vulnerability management, vendor due diligence and security operations within a regulated financial services environment.
 
Job responsibilities

• Support the review and overhaul of the firm's IT and security governance framework, drafting policies, standards and procedures for senior review and refinement.
• Help embed clear, well-understood policies and procedures across the organisation, aligned with regulatory expectations.
• Support compliance against MAS guidelines, including Technology Risk Management, Cyber Hygiene and Outsourcing, and assist with related risk assessments.
• Coordinate internal and external audit activity, including collating responses, gathering supporting artefacts and following up on findings with internal stakeholders through to closure.
• Track vulnerability assessment findings and remediation progress (assessments are run through an external vendor), working with the infrastructure and application teams to close gaps in good time.
• Conduct third-party and vendor due diligence in line with MAS outsourcing requirements, and respond to client and counterparty due diligence queries on the firm's security controls and governance practices.
• Support user access reviews, joiner-mover-leaver processes and identity access governance.
• Assist with business continuity, disaster recovery and related assurance exercises.
• Provide support on security operations and incident response coordination where required, with guidance from the team lead.

 
Job requirements

• At least 4 years of experience in IT risk, IT governance, technology assurance, IT audit or IT compliance, gained within a regulated financial institution such as a bank, securities or brokerage firm, asset manager or insurer.
• Working familiarity with the MAS Technology Risk Management Guidelines, Cyber Hygiene Notice and Outsourcing Guidelines.
• Exposure to audit coordination, evidence gathering, policy documentation, risk assessment or remediation tracking.
• A genuine interest in cyber security and a willingness to learn the hands-on operational side of the role. Deep SOC or security engineering experience is not required.
• Exposure to vulnerability management, access reviews, SIEM or IAM tooling is an advantage rather than a requirement.
• Strong written and verbal communication, with the ability to engage auditors, vendors, infrastructure and application teams, and business stakeholders clearly.
• A detail-oriented, proactive working style and a readiness to learn across both governance and operational security.
• Relevant certifications such as CISA, or progress toward them, are advantageous but not mandatory.

Why you should join them

• Breadth of exposure that is rare at this level, spanning governance, risk, compliance, audit and security operations in a single role, giving the right person a strong foundation early in their career.
• Direct mentorship from an experienced infrastructure and security team lead, who will actively coach the successful candidate on the technical and operational aspects of the role.
• A genuine opportunity to help rebuild and mature the firm's IT governance framework, with visible impact in a lean team.
• Regular interaction with auditors, vendors and counterparties, building a clear path toward a career in IT risk and security governance.

JL
Reg. No. R1766249
BeathChapman Pte Ltd
Licence no. 16S8112