IT Compliance & Governance Specialist

Marina Bay Sands Pte Ltd | Date Posted: 3-Jun-2020
Job Nature:
'N' Levels / 'O' Levels, ITE/ NITEC/ Higher NITEC, 'A' Levels, Diploma, Bachelor's / Honours, Masters / PhD

Job Description


At Marina Bay Sands, the IT Compliance & Governance Specialist is responsible for supporting the IT Compliance Lead & Senior Specialist in managing IT compliance activities covering Governance, Risk and Compliance related programmes within Information Services.

  • Develop, refine and implement information security policies, standards, procedures, checklists, and guidelines to meet the compliance and regulatory requirements
  • Review and update policies on a yearly / quarterly basis
  • Coordinate and support IT compliance activities across technology and business projects
  • Develop and manage IT risk and security for multiple IT functional areas (e.g., applications, systems, and network) across the organization.
  • Execute procedures and controls to assure compliance with applicable regulatory and legal requirements as well as good business practices
  • Lead and execute formal risk analysis and compliance self-assessments for various IT systems and processes and ensure assessments are completed in a timely manner
  • Analyze delivery and operation processes and requirements to determine conformance to security policies and procedures
  • Identify tasks and controls necessary to remediate identified risks and vulnerabilities; negotiate dates for remediation to be completed
  • Support and track technology delivery and operation teams on remediation of new and outstanding issues
  • Identify, document, and assess information security vulnerabilities and risks in the information technology environment and identify systems affected
  • Inform stakeholders about compliance and security-related issues and activities affecting the assigned area or project
  • Support all IT aspects of external / internal reviews and audits (e.g., SOX, PCI)
  • Work with the delivery team in the preparation of incident reporting
  • Work with Audit to ensure proper risk management and audit compliance
  • Develop and deliver IT risk & security awareness and compliance training programs
  • Provide risk and security briefings to advise on critical issues that may affect the business
  • Stay knowledgeable of current advances in all areas of information technology concerning vulnerabilities, security breaches or malicious attacks


  • At least 6 years of combined IT and security work experience with a broad range of exposure to systems analysis, application development, systems administration
  • Ability to work well with key business partners across sectors and internal IT teams in a collaborative manner
  • Strong communications skills to be able to interact with technical and non-technical colleagues
  • Strong interest in IT risk management and in keeping abreast of the dynamic threat landscape
  • Maintains an up-to-date understanding of industry best practices
  • Working knowledge of security issues, techniques and implications across computer platforms
  • Familiarity with one or more of the following areas: application security, OS system security, database security, networking, mobile device security, cloud technologies, payment card, and web technologies
  • Working knowledge of SDLC, Change Control, and SQA methodologies, techniques, and general principles
  • Working knowledge of performing risk assessments
  • Knowledge of the following standards / regulatory directives: ISO 27001, SOC1, SOC2, PCI DSS, Sarbanes-Oxley, PDPA, OWASP
  • Knowledge and experience in mapping 3rd party vendor procedures against SOX controls
  • ASQ Certified Quality Auditor (CQA) or Certified Software Quality Engineer (CSQE) desirable