Search by job, company or skills

K

IT Security GRC Manager

KWE-APLL TECHNOLOGY SERVICES PTE. LTD.
Singapore, Beach Road
7-9 Years
SGD 8,000 - 9,000 per month
new job description bg glownew job description bg glownew job description bg svg
  • Posted 21 hours ago
  • Be among the first 10 applicants
Early Applicant

Job Description

Job Purpose
This role leads the Governance, Risk, and Compliance functions. The role ensures that security controls are welldesigned, risks are understood and managed, and the company maintains compliance with industry, customer, and regulatory requirements. This leader partners closely with IT, operations, legal, procurement, and thirdparty partners to embed security into daily business processes.

Roles and Responsibilities
IT Security Governance and Policy Management

  • Develop, maintain, and enforce security policies, standards,and procedures aligned with business needs and regulatory requirements.
  • Establish a governance framework that integrates security intologistics operations, including forwarding systems, warehouse systems, transportation management systems, fleet technologies, IoT devices, and corporate applications.
  • Lead security awareness programs tailored to both office and field personnel.

Risk Management

  • Own the enterprise security risk management program, including risk identification, assessment, scoring, treatment planning, and reporting.
  • Conduct regular risk assessments and maintain the risk register.
  • Plan, manage and report mitigation actions.
  • Define risk responses (Mitigate/Transfer/Accept) and manage treatment plans.
  • Monitor Key Risk Indicators (KRIs) and analyze risk trends.
  • Prepare risk heatmaps and executive risk reports.
  • Support customer/regulatory assessments with risk documentation.
  • Monitor emerging threats and regulatory changes affecting supply chain and logistics operations.

Compliance and Audit

  • Manage compliance with frameworks such as ISO 27001, SOC 2,NIST CSF, GDPR, PDPA, CTPAT, PCI DSS (if applicable), and customermandated security requirements.
  • Manage internal and external audits, ensuring evidencereadiness and timely remediation of findings.
  • Maintain compliance documentation repositories, controllibraries, and audit trails to ensure regulatory adherence.
  • Evaluate regulatory changes and update internal policies.
  • Support incident response ensuring compliance obligations.
  • Coordinate evidence collection for customer/governmentassessments.

Third Party and Vendor Security

  • Lead the thirdparty risk management program, including duediligence, contract reviews, and ongoing monitoring.
  • Evaluate security posture of logistics partners, carriers, technology vendors, and SaaS providers.
  • Work with procurement and legal to embed security requirements into vendor agreements.
  • Conduct thirdparty security risk assessments.

Incident Preparedness and Response Governance

  • Develop and maintain incident response plans, playbooks, andcommunication protocols and ensure compliance.
  • Coordinate tabletop exercises with IT, operations, and executive leadership.
  • Ensure postincident reviews translate into updated controls and governance improvements.

Control Design and Assurance

  • Oversee the design, implementation, and testing of security controls across IT and operational technology environments.
  • Partner with infrastructure, application, and operations teams to ensure controls are practical and effective in high availability logistics environments.
  • Track control performance metrics and drive continuous improvement.

Reporting and Stakeholder Engagement

  • Deliver regular reports to executive leadership on risk posture, compliance status, and key initiatives.
  • Serve as the primary point of contact for customer security questionnaires and supply chain security assessments.
  • Communicate complex security topics in clear, business aligned language.

Requirements

  • Bachelor's degree in information security, Computer Science or related discipline.
  • Certifications preferred: CISSP, CISM, CRISC, CISA.
  • 7+ years in IT Security, GRC or related roles.
  • Strong understanding of security frameworks (ISO 27001, NIST CSF, SOC2).
  • Knowledge of data privacy regulations (GDPR, PDPA) and cross-border logistics considerations.
  • Experience managing audits, compliance programs, and risk assessments.
  • Familiarity with logistics & supply chain environments.
  • Ability to collaborate with crossfunctional teams and influence without authority.
  • Excellent communication, documentation, and stakeholdermanagement skills.

More Info

Job Type:
Permanent Job
Industry:
Other
Function:
Governance Risk And Compliance
Employment Type:
Full time

Job ID: 144563839

Jobs by Skill - IT
Jobs by Skill - Non IT
International Jobs
Last Updated: 19-03-2026 05:12:53 PM
Homejobs in SingaporeIT Security GRC Manager