Cybersecurity Risk & Governance Lead

8-11 Years
SGD 15,000 - 17,000 per month
  • Posted 17 hours ago

Job Description

Job Summary

We are seeking a Lead / Senior Cybersecurity Governance Specialist to join the CISO Office, responsible for shaping and driving enterprise-wide cybersecurity governance, risk management, and security architecture standards across a large, complex organisation.

Mandatory Skill-set

  • 10-12 years of experience in Cybersecurity GRC, Information Security Risk Management, or Security Architecture, with exposure to large, complex enterprise environments
  • Proven ability to manage cybersecurity risks across enterprise IT, cloud platforms, and large-scale digital systems
  • Must have strong knowledge of security governance frameworks, including Singapore Government policies (e.g., IM on IT Management), NIST, and ISO 27001
  • Must have strong expertise in risk assessment methodologies (e.g., TVRA) and translating technical vulnerabilities into business risk
  • Deep understanding of Zero Trust Architecture (ZTA) and modern cybersecurity technologies such as Firewalls, EDR, IAM, SIEM, CSPM, CWPP, CASB, and secrets management
  • Ability to map defensive controls to the MITRE ATT&CK framework, with solid understanding of offensive security concepts and threat actor TTPs
  • Excellent stakeholder management, communication, and presentation skills, with the ability to influence senior leadership
  • Strong analytical and critical thinking skills to identify systemic security issues and drive continuous improvement.

Desired Skill-set

  • Exposure to Operational Technology (OT) and Industrial Control Systems (ICS) security environments
  • Hands-on experience with manual and automated security testing and assessment tools
  • Professional cybersecurity certifications such as CISM, CRISC, CISSP, OSWE, with OSCP as a good-to-have
  • Experience working within large-scale government, regulated, or critical infrastructure environments
  • Familiarity with advanced threat intelligence, attack simulation, and adversary emulation concepts.

Responsibilities

  • Establish and maintain organisation-wide cybersecurity risk registers as living artefacts reflecting real-time threats and project risks
  • Lead and facilitate risk discussions with senior management, CIOs, and agency leaders, translating technical risks into business and operational impact
  • Develop and implement consistent risk analysis frameworks that enable informed risk-taking and innovation
  • Embed cybersecurity risk management across the full system lifecycle, from design to deployment and operations
  • Define and govern unified Threat Risk Assessment (TRA) standards across cloud, web applications, and OT/ICS environments
  • Establish SOPs for Crown Jewel identification, critical information asset classification, and comprehensive threat modelling
  • Standardise and govern security controls to ensure technical effectiveness beyond baseline compliance
  • Lead the development and execution of a Zero Trust Architecture (ZTA) roadmap, including identity-based security and micro-segmentation
  • Provide security architecture and GRC advisory for high-impact and critical digital systems
  • Evaluate and govern security technologies to ensure continued effectiveness against evolving threats
  • Establish and manage third-party and software supply chain risk management frameworks
  • Define standards to assess vendor cyber resilience and manage risks from open-source and third-party dependencies
  • Drive continuous audit readiness, oversee closure of audit findings, and ensure root-cause remediation
  • Analyse audit trends to identify systemic security weaknesses and implement proactive improvements
  • Partner with CIOs, CISOs, and project owners to build a proactive, risk-informed security culture
  • Track evolving threat actor TTPs and emerging technologies, periodically reviewing the effectiveness of security controls.

Should you be interested in this career opportunity, please send in your updated resume to [Confidential Information] at the earliest.

When you apply, you voluntarily consent to the disclosure, collection and use of your personal data for employment/recruitment and related purposes in accordance with the SCIENTE Group Privacy Policy, a copy of which is published at SCIENTE's website (https://www.sciente.com/privacy-policy).

Confidentiality is assured, and only shortlisted candidates will be notified for interviews.

EA Licence No. 07C5639

Job ID: 149149103