Job Title: Security GRC Lead/ISO
About the Role
We are hiring a Security GRC Lead/ISO for our client in the insurance sector. This is a senior leadership role responsible for developing and executing the enterprise-wide information security strategy. The successful candidate will drive policy, governance, and risk management initiatives while overseeing cybersecurity operations and ensuring alignment between business and security objectives.
Key Responsibilities
- Develop and lead the company-wide information security strategy in alignment with business goals and regulatory standards (e.g., MAS TRM, ISO 27001).
- Serve as the key advisor and senior leader on cybersecurity and risk matters.
- Lead the creation and enforcement of security policies, procedures, and standards.
- Manage security risk assessments, third-party/vendor risk, and compliance initiatives.
- Oversee incident response and threat management across the organization.
- Monitor and report key security metrics, including incident response time, system availability, and vendor performance.
- Evaluate and implement emerging cybersecurity technologies and best practices.
Qualifications
- Bachelor's or Master's in Computer Science, Information Security, or related field.
- Professional certifications such as CISSP, CISM, CISA, CRISC, or equivalent are preferred.
- 8-10 years of relevant experience, with at least 5 years in a security leadership role (e.g., IT Security Manager, CISO).
- Proven experience in regulated industries, ideally within financial services or insurance.
- Strong knowledge of MAS TRM guidelines, risk frameworks, and GRC practices.
- Excellent leadership, communication, and stakeholder management skills.
If this opportunity aligns with your skills and career goals, we encourage you to apply.
EA License: 21C0783
EAP Registration No: R24123529