We are seeking an experienced Security Governance and Risk Specialist to strengthen our information security governance framework and ensure compliance with regulatory requirements, internal policies, and industry standards. The successful candidate will work closely with stakeholders across Technology, Risk, Compliance, and Audit to maintain a strong security posture and support ongoing improvements in security governance processes.
Key Responsibilities
1. Governance & Policy Management
- Develop, review, and maintain information security policies, standards, and procedures in line with MAS Technology Risk Management (TRM) Guidelines, ISO 27001, and other relevant frameworks.
- Ensure security policies are effectively communicated, understood, and implemented across the organisation.
- Monitor adherence to policies and recommend corrective actions where required.
2. Regulatory & Compliance Management
- Track and ensure compliance with applicable regulations and standards (e.g., MAS TRM, PDPA, GDPR, PCI DSS).
- Coordinate responses to regulatory queries, inspections, and audits.
- Support internal and external audits, providing evidence and addressing findings in a timely manner.
3. Risk & Control Oversight
- Work with IT and business units to identify, assess, and mitigate security risks.
- Maintain and update the security risk register and ensure timely closure of security issues.
- Perform security control effectiveness reviews and support remediation efforts.
4. Security Awareness & Training
- Support the design and rollout of security awareness programmes to enhance the security culture.
- Provide subject matter expertise on security governance during onboarding, projects, and initiatives.
5. Reporting & Metrics
- Prepare and present security governance reports, dashboards, and KPIs for management and board committees.
- Monitor trends and emerging risks to recommend enhancements to governance processes.
Requirements
- Bachelor's degree in Information Security, Computer Science, or related discipline.
- 3-10 years of experience in information security governance, risk, and compliance within financial services or regulated environments.
- Strong knowledge of MAS TRM Guidelines, PDPA, ISO 27001, NIST, COBIT, and related frameworks.
- Experience with security audits, regulatory inspections, and risk management processes.
- Excellent stakeholder engagement, communication, and report-writing skills.
- Professional certifications such as CISM, CISSP, ISO 27001 Lead Implementer/Auditor are preferred.
To apply:
If you are interested in applying or would like to find out more, please send your CV to, or reach out to, Chen Yi at [Confidential Information] for a discussion. Due to the anticipated high volume of applications, we regret that only shortlisted candidates will be notified.
Reg: R1876389
Lic: 16S8060