GRC Security Engineer

GRC Security Engineer

Singapore - Onsite

Open only to Singapore Citizens and Permanent Residents (no work visa sponsorship)

About the Role

We are seeking an experienced GRC Security Engineer who can drive governance, risk, and compliance initiatives while also supporting security engineering and operational activities. The ideal candidate will ensure that security policies and controls align with compliance frameworks and are effectively implemented across infrastructure and monitoring environments.

Responsibilities

Implement and maintain security compliance frameworks (ISO 27001, NIST, PCI-DSS, SOX, HIPAA).

Conduct risk assessments, control reviews, and gap analysis across enterprise environments.

Support audits, regulatory reporting, and remediation activities.

Assist in developing and enforcing security policies, standards, and procedures.

Work with security operations teams to analyze incidents, strengthen monitoring controls, and enhance incident response processes.

Collaborate with infrastructure/security engineering teams on hardening, vulnerability remediation, and secure configurations.

Required Skills & Experience

510 years of cybersecurity experience with a strong emphasis on governance, risk, and compliance.

Knowledge of compliance frameworks (NIST CSF, ISO 27001, PCI-DSS, SOX, HIPAA).

Hands-on exposure to infrastructure security, monitoring tools, and incident response workflows.

Experience with vulnerability management and remediation tracking.

Excellent documentation and communication skills to interface with auditors, stakeholders, and technical teams.

Preferred Qualifications

Certifications: CISSP, CISM, CISA, CRISC, or equivalent.

Exposure to cloud security (AWS, Azure, or GCP) and associated compliance frameworks.

Experience in coordinating with SOC teams or infrastructure engineers on security controls.