Job Description
Governance & Policy
- Support the CIO/AVP Cybersecurity in developing multi-year cyber risk and compliance strategies.
- Implement and maintain the cybersecurity governance framework, aligning with enterprise risk and compliance programs.
- Develop, maintain, and socialize cybersecurity policies, standards, and guidelines.
- Lead policy governance cycles including stakeholder consultations, review, and approval processes.
- Oversee compliance with internal policies and regulatory requirements (e.g. MAS TRM, ISO 27001, NIST, PDPA).
Risk Management
- Lead the cybersecurity risk management program, including identification, assessment, treatment, and reporting of cyber risks.
- Drive implementation of cyber risk metrics and dashboards for executive and board-level reporting.
- Collaborate with enterprise risk and audit teams to embed cyber risk into wider enterprise risk frameworks.
- Advise business and technology units on control design, residual risk, and exceptions.
- Stay abreast of evolving regulatory and industry trends and advise on potential impacts.
Assurance & Audit
- Develop and lead the cybersecurity assurance program including control testing, self-assessments, and control attestation.
- Coordinate and manage internal and external audits, including regulator-driven audits and penetration testing programs.
- Track findings and drive remediation to closure, including reporting to senior stakeholders.
Technology & Architecture
- Partner with Security Architecture, Operations, and Engineering teams to ensure alignment of controls to policies and risk posture.
Team Leadership & Development
- Mentor and lead a capable in-house governance team.
- Promote a culture of accountability, collaboration, and continuous improvement.
Awareness & Engagement
- Execute organization-wide security awareness and training programs.
- Act as the key liaison to regulators, auditors, and industry bodies on cybersecurity GRC matters.
- Provide expert guidance to senior leadership, IT teams, and business units on policy interpretation, risk decisions, and control expectations.
- Conduct regular awareness and training sessions on cybersecurity governance and responsibilities.
Requirements
- Degree in Computer Science or other relevant field of study.
- Professional certification such as CGEIT, CISM, CISA, CISSP or CRISC will be an advantage.
- Minimum 5 to 8 years of Cybersecurity Governance, Risk & Compliance (GRC) working experience.
- Well versed in security standards and frameworks such as ISO 27001, IEC 62443 and NIST.
- Well versed in the MITRE ATT&CK framework.
- Good understanding of the various regulations and laws related to cybersecurity.
- Good understanding of IT governance, project management and methodologies.
- Strong understanding of security governance, operations, risk management, and compliance.
- Proven ability to communicate and influence effectively at the senior management and board levels.
- Familiarity with financial services or critical infrastructure regulatory environments is an advantage.