Senior GRC Consultant

4-6 Years
SGD 5,000 - 8,000 per month
  • Posted 2 days ago

Job Description

POSITION OVERVIEW

We are seeking an experienced Senior GRC Consultant to join our GRC consulting practice. In this client-facing role, you will lead end-to-end GRC consulting engagements - guiding clients through the scoping, implementation, and certification of frameworks such as ISO 27001, Cyber Trust Mark, NIST CSF, SOC 2, and other regulatory standards. You will serve as the primary point of contact for clients, managing project delivery and building long-term advisory relationships across multiple industries.

KEY RESPONSIBILITIES

  • Lead end-to-end GRC consulting engagements for clients across multiple industries, from scoping through to certification or sign-off

  • Serve as primary client relationship manager, managing expectations, timelines, and deliverables across concurrent projects

  • Conduct gap analyses and readiness assessments for frameworks including CCoP, IM8, Security-by-Design, ISO 27001, PDPA / Privacy Assessment, SOC 2 Type II, NIST CSF

  • Perform system architecture reviews and threat modelling

  • Conduct Security Systems Acceptance Tests (SSAT)

  • Conduct tabletop exercises and security awareness training

  • Guide clients through the full ISO 27001 certification lifecycle: scoping, ISMS design, risk assessment, control implementation, internal audit, and certification audit support

  • Support clients pursuing Singapore's Cyber Trust Mark and Cyber Essentials certifications, including assessment preparation and remediation advisory

  • Develop client-facing deliverables: gap assessment reports, risk registers, ISMS documentation, policies, procedures, and remediation roadmaps

  • Facilitate client workshops, interviews, and walkthroughs with stakeholders across technical and business teams

  • Mentor junior consultants on project delivery, client interaction, and technical GRC content

  • Contribute to the development of internal methodologies, templates, and service offerings

QUALIFICATIONS & REQUIREMENTS

Education

  • Bachelor's degree in Information Security, Computer Science, or a related field

  • Master's degree or postgraduate qualification in Risk, Compliance, or Cybersecurity is advantageous

Experience

  • Minimum of 4 - 6 years of experience in GRC consulting, information security advisory, or IT audit roles

  • Proven track record delivering ISO 27001 implementations or certification projects for external clients

  • Hands-on experience with Singapore's Cyber Trust Mark or Cyber Essentials framework is a strong advantage

  • Experience managing multiple client projects simultaneously in a consulting or professional services environment

  • Familiarity with sectors such as financial services, healthcare, government, or technology is a plus

Certifications (Preferred)

  • CISSP - Certified Information Systems Security Professional

  • ISO 27001 Lead Auditor / Lead Implementer

  • CISA - Certified Information Systems Auditor

  • CISM - Certified Information Security Manager

  • AWS-related certifications

  • Azure-related certifications

SKILLS & COMPETENCIES

  • Deep working knowledge of ISO 27001, PDPA / Privacy Assessment, SOC 2 Type II, NIST CSF, CCoP, IM8, Security-by-Design and related standards

  • Experience in performing system architecture reviews and threat modelling

  • Experience in conducting tabletop exercises and security awareness training

  • Experience in conducting Security Systems Acceptance Tests (SSAT)

  • Strong client management skills - able to build trust, communicate clearly, and manage difficult conversations

  • Excellent written communication: proficient in producing professional reports, policies, and executive presentations

  • Ability to translate complex technical GRC requirements into business-friendly language for non-technical clients

  • Experience facilitating workshops and training sessions for diverse stakeholder groups

  • Strong project management discipline - able to handle multiple engagements with competing deadlines

  • Comfortable working independently on client sites and representing the firm professionally

WHAT WE OFFER

  • Competitive salary with performance-based bonus

  • Medical and dental coverage

  • Professional development budget and certification support

  • Flexible hybrid work arrangement

  • Collaborative and growth-oriented team environment

Job ID: 147095699
