Rainbow Centre, Singapore

Job Opportunities


    Head [Governance, Risk and Compliance]

    Job no: 492729
    Work type: Fixed Term Full-time
    Location: Margaret Drive
    Categories: Corporate Services

    Rainbow Centre is recognised as one of the top 300 employers under the Singapore Opportunity Index, as a Career Builder that continuously creates meaningful opportunities for career advancement.

    The Head, Governance, Risk & Compliance (GRC) provides enterprise leadership for governance, regulatory compliance, risk management, and data protection across RC. The role ensures that RC operates with integrity, transparency, and accountability, while enabling services and leaders to deliver with confidence in a complex and highly regulated environment.

    As the organisation’s Data Protection Officer (DPO), the role stewards RC’s data governance and privacy obligations, ensuring responsible, ethical, and lawful use of personal and sensitive data across services, systems, and partnerships.

    Critical Work Functions

    Corporate Governance, Risk & Assurance 

    1. Lead the design, implementation, and continuous strengthening of RC’s enterprise governance, business continuity planning, risk management, and assurance frameworks.
    2. Partner the Executive Director to support effective Board and Board Committee governance, including policy frameworks, reporting discipline, and assurance processes.
    3. Maintain oversight of organisational risks, ensuring risks are identified, assessed, mitigated, and escalated appropriately in line with RC’s risk appetite.
    4. Provide timely, high-quality governance and risk insights to the Executive Director and relevant Board Committees to support informed decision-making.
    5. Serve as the primary liaison with external legal counsel, overseeing the management of legal matters to ensure timely, appropriate, and risk-informed outcomes.

    Regulatory Compliance & Statutory Obligations

    1. Provide enterprise leadership and coordination to ensure compliance with ECDA, MOE, MSF, NCSS, PDPA, and other applicable statutory and regulatory requirements.
    2. Translate regulatory requirements into clear organisational policies, procedures, and guidance that are practical and proportionate to service realities.
    3. Monitor compliance trends, audits, and regulatory changes, advising the Executive Director and senior leaders on emerging risks and implications.
    4. Coordinate organisational responses to audits, inspections, and regulatory reviews, ensuring timely follow-up and corrective actions.

    Data Protection & Information Governance 

    1. Serve as RC’s appointed Data Protection Officer (DPO), with accountability for PDPA compliance and data protection governance across the organisation.
    2. Develop, implement, and oversee RC’s data protection, privacy, and information governance frameworks, including policies, controls, and breach management processes.
    3. Advise the Executive Director, Directors, and system owners on data protection risks, impact assessments, and privacy-by-design considerations for new initiatives.
    4. Lead the management of data incidents and breaches, including investigation, reporting, remediation, and regulatory engagement where required.

    Incident Management, Investigation & Escalation

    1. Act as the enterprise coordination lead for major incidents, investigations, and cross-divisional risk issues, working closely with relevant Directors and the Executive Director.
    2. Ensure clear escalation pathways, role clarity, and documentation for incidents involving safeguarding, compliance, data protection, or reputational risk.
    3. Support fair, thorough, and timely investigations, ensuring procedural integrity, confidentiality, and alignment with RC policies and legal requirements.
    4. Identify systemic issues arising from incidents and investigations, recommending improvements to policies, controls, and practices.

    Policy Governance & Internal Controls

    1. Lead organisation-wide policy governance, ensuring policies are current, aligned, approved, and consistently applied.
    2. Own the publishing, maintenance, and annual review cycle of organisation-wide governance policies, including the rationalisation of policies and controls to reduce duplication, improve clarity, and enhance compliance effectiveness.
    3. Strengthen internal control frameworks across services and corporate functions by identifying risks, driving continuous process improvements, and enhancing accountability.
    4. Manage remediation plans arising from audits, reviews, or incidents, and provide clear reporting to senior management and relevant governance bodies.
    5. Partner Directors and managers to embed governance and compliance expectations into everyday operations, decision-making, and people practices.

    Qualification & Experience

    Qualification

    • A recognised degree in Law, Accounting, Governance, Risk Management, Public Policy, Information Management, or a related discipline.
    • Professional certification or formal training in governance, risk, compliance, audit, or data protection (e.g. PDPC, IAPP, ISO, or equivalent) is strongly preferred.

    Experience

    • Minimum 8 years of relevant experience in governance, risk, compliance, audit, legal, or regulatory roles, preferably within complex, regulated, or public-interest organisations.
    • Demonstrated experience:
      • Leading organisation-wide governance or compliance frameworks
      • Advising senior leaders and Boards on risk and regulatory matters
      • Acting as or supporting a Data Protection Officer function
      • Managing incidents, investigations, or regulatory engagements

    Rainbow Centre (RC) envisions a world where persons with disabilities are empowered and thriving in inclusive communities. Upholding public trust, safeguarding clients, and ensuring ethical and compliant operations are foundational to delivering this mission. The Head, Governance, Risk & Compliance (GRC) provides enterprise leadership for governance, regulatory compliance, risk management, and data protection across RC. The role ensures that RC operates with integrity, transparency, and accountability, while enabling services and leaders to deliver with confidence in a complex and highly regulated environment. As the organisation’s Data Protection Officer (DPO), the role stewards RC’s data governance and privacy obligations, ensuring responsible, ethical, and lawful use of personal and sensitive data across services, systems, and partnerships. The role acts as a trusted advisor to the Executive Director, Board Committees, and senior leaders - balancing strong assurance and control with practical enablement so that governance, risk, and compliance frameworks actively support RC’s mission and strategic priorities.


    About

    Rainbow Centre is a social service organisation that aims to empower persons with disabilities to thrive in inclusive communities. Registered as a charity in 1992, Rainbow Centre is an Institution of a Public Character.

    Address

    Rainbow Centre (HQ)
    501 Margaret Drive
    Singapore 149306

    Contact

    contactus@rainbowcentre.org.sg
    +(65) 6475 2072

    Copyright © 2023 Rainbow Centre
    All rights reserved
    Rainbow Centre adheres to the requirements of the PDPA. We respect your data and will endeavour to preserve and protect the data which you have voluntarily provided. Your personal information shall be maintained and secured from unwarranted disclosure.