Job Description
About The Role
As a Cybersecurity GRC Analyst, you will support organizations in strengthening their cybersecurity posture by assessing maturity, managing risks, and ensuring compliance with global frameworks and regional regulations. You will work closely with clients to translate technical findings into clear business insights and actionable improvement roadmaps.
Key Responsibilities
Support cybersecurity maturity, risk, and compliance assessments across frameworks such as NIST CSF, NIST 800-53, ISO/IEC 27001, CIS Controls, IEC 62443, and regional regulations (MAS TRM, PDPA, GDPR, EU AI Act)
Conduct stakeholder interviews, workshops, document reviews, and control walkthroughs to assess current security capabilities
Analyze findings, perform control maturity scoring, and identify gaps and risks in clear, business-relevant language
Develop high-quality deliverables including current state assessments, gap analyses, benchmarking reports, and prioritized remediation roadmaps
Build effective working relationships with client stakeholders across IT, OT, risk, audit, legal, and business teams
Support client meetings and working sessions, including documentation, action tracking, and follow-ups
Collaborate with regional teams across Singapore, Thailand, and APAC to deliver consistent and high-quality outcomes
Contribute to proposals, methodologies, and knowledge assets to strengthen the cybersecurity GRC practice
Required Qualifications
1 to 3 years of relevant experience in cybersecurity, GRC, IT audit, risk advisory, or security consulting, preferably in a client-facing role
Working knowledge of at least one cybersecurity framework (e.g., NIST CSF, ISO/IEC 27001, CIS Controls)
Understanding of security domains such as identity and access management, network security, endpoint security, vulnerability management, incident response, and data protection
Familiarity with regulatory requirements in Singapore and APAC, including MAS TRM Guidelines and PDPA
Strong analytical and problem-solving skills, with attention to detail in assessment and reporting
Excellent written and verbal communication skills, with the ability to present technical insights in business terms
Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Engineering, Business, or related field
Preferred Qualifications (Optional)
Industry certifications such as CompTIA Security+, ISO 27001 Lead Implementer/Auditor, CISA, CRISC, or progress toward CISSP/CISM
Exposure to OT/industrial cybersecurity and IEC 62443 frameworks
Understanding of AI governance, responsible AI practices, or EU AI Act requirements
Experience with GRC platforms such as ServiceNow GRC, Archer, or OneTrust
Prior experience in a consulting environment or professional services firm
