Deputy Director (Governance, Risk, and Compliance)

10-12 Years
SGD 15,000 - 22,000 per month
  • Posted 3 days ago

Job Description

JJ Consulting Services is a recruitment firm and preferred partner for multinational companies expanding in Asia. Our consultants bring deep industry and functional expertise, delivering top professional and staffing solutions to clients and candidates.

Our client is a leading company in Singapore. You will lead the design and implementation of a strategic cybersecurity governance, risk, and compliance (GRC) framework. Your mission is to embed risk management into all digital systems, transforming GRC into a business enabler across IT, Cloud, and Operational Technology environments.

Responsibilities

  • Establish and maintain dynamic security risk registers that reflect current threats and project statuses across agencies
  • Lead senior management risk discussions by translating complex technical risks into clear business impacts to guide resource prioritization
  • Develop and implement a consistent risk analysis framework that enables agencies to take calculated risks for innovation
  • Create and uphold unified Threat Risk Assessment (TRA) standards for Cloud, Web Applications, and OT/ICS domains
  • Develop SOPs for identifying critical information assets (Crown Jewels) and mapping comprehensive threat vectors
  • Define and enforce standardized security controls that effectively mitigate identified risks beyond baseline compliance
  • Lead the development and execution of a Zero Trust Framework emphasizing identity-based security and micro-segmentation
  • Provide expert governance, risk, and compliance advisory during the design of high-impact systems to ensure security-by-design
  • Evaluate and recommend security technologies that address specific risks and maintain defense relevance against evolving threats
  • Establish frameworks for managing third-party and software supply chain risks, including assessing cyber-resilience of vendors and dependencies
  • Drive agencies toward continuous compliance readiness and proactive audit preparation
  • Oversee closure of audit findings by ensuring substantive technical fixes rather than superficial measures
  • Partner with stakeholders to foster a proactive risk management culture through education and advocacy
  • Monitor evolving threat actor tactics and technology trends to ensure defenses remain current and effective

Required competencies and certifications

  • 10 to 12 years of experience in Cybersecurity GRC, Information Security Risk Management, or Security Architecture
  • Proven expertise managing risks across IT and Cloud environments; experience with Operational Technology systems is a significant advantage
  • Deep knowledge of security policies (e.g., Instruction Manual on IT Management) and international standards such as NIST and ISO 27001
  • Mastery of risk assessment methodologies (e.g., TVRA) with the ability to translate technical vulnerabilities into business risks
  • Strong technical understanding of Zero Trust Architecture components and cloud security technologies including Firewalls, EDR, IAM, SIEM, CSPM, CWPP, CASB, and secrets management
  • Ability to map technical controls to the MITRE ATT&CK framework to ensure comprehensive defensive coverage
  • Proficiency in manual and automated offensive security testing tools and a deep understanding of the MITRE ATT&CK framework and common TTPs

Preferred competencies and qualifications

  • Professional certifications such as CISM, CRISC, CISSP, OSCP, or OSWE are highly preferred
  • Strategic influence skills to educate and persuade senior stakeholders on rigorous risk governance
  • Critical thinking to identify and resolve systemic issues beyond surface-level audit compliance
  • Commitment to continuous learning on emerging security technologies and cyber threat landscapes
  • Exceptional ability to translate complex technical risks into business terms for non-technical senior executives

Other Information

Applicants are invited to send an MS Word resume to [Confidential Information] stating the position applied for, current and expected salaries, and earliest availability. We thank all applicants in advance; only shortlisted candidates will be notified.

  • EA Licence No.: 12C6207
  • JJ Consulting Services

Job ID: 148082667
