Senior Internal Audit Manager (Payments - Banking - Crypto)

Senior Internal Audit Manager (Payments - Banking - Crypto)

Our client is a leading payments infrastructure brand in Singapore.

The Head of Internal Audit will establish, lead, and manage Group Internal Audit function, providing independent, risk-based assurance over the Group's internal controls, governance framework, regulatory compliance and risk management processes across all licensed entities.

The role requires deep familiarity with MAS supervisory expectations, particularly for payment institutions and DPT service providers, and the capability to translate those expectations into a practical, proportionate, and credible audit programme across a fast-growing, multi-jurisdictional fintech.

KEY RESPONSIBILITIESA) Establish and Lead the Group Internal Audit FunctionDesign and implement a Group Internal Audit Charter, approved by the Board, defining scope, authority, independence, reporting lines and operational standards in line with MAS Guidelines on Internal Audit and IIA StandardsBuild and maintain a risk-based Annual Audit Plan covering all material risk domains across all Group entitiesServe as the primary point of accountability for all internal audit deliverables — including audit reports, management action tracking and Board-level reportingEstablish audit methodology, working paper standards, quality assurance processes and audit committee reporting templatesB) MAS-Specific and Singapore Regulatory AuditLead the annual independent AML/CFT audit mandated under MAS Notice PSN02, covering the full AML/CFT programme including policies, controls, transaction monitoring, customer due diligence and sanctions screeningConduct or oversee audits of all MAS-regulated activities under the PS Act, including safeguarding obligations (PSN01), technology risk management (MAS TRM Guidelines), and outsourcing controls (MAS Outsourcing Guidelines)Audit the Group's DPT controls framework ahead of and following licence variation approval, including custody solution architecture, wallet controls, and DPT-specific AML/CFT proceduresEnsure audit findings and management responses are presented to the Board / Independent Director and are available to MAS upon requestInterface directly with MAS as needed, including in the context of inspections, supervisory engagements, or regulatory requests for audit-related informationC) Global Internal Audit CoverageManage internal audit across the Group licensed entities including Canada (FINTRAC MSB/VASP), UAE (CBUAE), US MSB, and future licences in the UK, EU, Australia and AsiaUnderstand and apply jurisdiction-specific audit requirements (e.g., FINTRAC Part 1 and Part 2 compliance testing, CBUAE AML requirements) and identify gaps between those requirements and MAS PSN02Coordinate with local compliance officers and external co-sourced auditors in each jurisdiction to ensure consistent coverage standards and consolidated Group reportingMaintain a Group-wide audit universe and risk register, updated at least annually, to reflect the evolving risk profile of the businessD) Governance, Risk and Control AssuranceAudit the adequacy and effectiveness of governance framework including Board-level oversight, delegated authority structures, conflict of interest management and policy complianceReview the Group's Enterprise-Wide Risk Assessment (EWRA) process and provide independent assurance over risk identification, rating and mitigation adequacyAssess the effectiveness of operational and technology controls including IT general controls, access management, change management, business continuity and incident managementAudit the Group's outsourcing and third-party risk management framework, including intra-group service arrangements and oversight of India-based execution teamsProvide assurance over fraud risk controls and payments integrity framework, including transaction monitoring design and effectivenessE) Board Reporting and IndependenceReport functionally to the Board through the Independent Non-Executive Director, with full and unrestricted access to all records, personnel and systems necessary to discharge audit responsibilitiesPresent findings, risk ratings and management action plans to the Board on at least a quarterly basis; present the full Annual Audit Plan and year-end results to the Board annuallyMaintain independence from all business, compliance and operational functions; escalate any threats to independence to the Board immediatelyTrack and validate management's remediation of all audit findings and report overdue or re-opened items to the Board with appropriate escalation

CANDIDATE PROFILEExperience10–15+ years in internal audit, with at least 5 years in a senior audit leadership role within a MAS-regulated financial institution (bank, payment institution, digital asset firm, or equivalent)Direct experience auditing AML/CFT programmes under MAS Notice PSN02 or equivalent — ideally including a payment institution or DPT service provider contextFamiliarity with the MAS Guidelines on Internal Audit, MAS TRM Guidelines, MAS Outsourcing Guidelines, and the Payment Services Act 2019Experience managing or co-ordinating internal audit across multiple regulated jurisdictions; FINTRAC, CBUAE or FCA experience a strong advantagePrior experience either building an internal audit function from scratch or significantly transforming an existing one in a fast-growing or complex regulated entityBackground in external audit of financial institutions (Big 4 or equivalent) is highly valued, particularly if combined with in-house regulatory audit experienceTechnical CompetenciesDeep knowledge of MAS's regulatory framework for payment institutions: PS Act, PSN01, PSN02, PSN07, PS-G01 and the MAS internal audit guidelinesStrong understanding of AML/CFT risk, transaction monitoring design, sanctions compliance, and the risk-based approach under FATF standardsWorking knowledge of technology and cyber risk auditing, including IT general controls, cloud infrastructure, and digital asset custody systemsFamiliarity with DPT / digital asset regulatory frameworks and the specific audit risks associated with DPT service providersProficiency with audit management methodologies and tools; IIA Standards (IPPF) certification or equivalent strongly preferred