Senior Manager, Cybersecurity Governance - #1122159

Job Description

Governance & Policy

• Support the CIO/AVP Cybersecurity in developing multi-year cyber risk and compliance strategies.

• Implement and maintain the cybersecurity governance framework, aligning with enterprise risk and compliance programs.

• Develop, maintain, and socialize cybersecurity policies, standards, and guidelines.

• Lead policy governance cycles including stakeholder consultations, review, and approval processes.

• Oversee compliance to internal policies and regulatory requirements (e.g. MAS TRM, ISO 27001, NIST, PDPA).

Risk Management

• Lead the cybersecurity risk management program, including identification, assessment, treatment, and reporting of cyber risks.

• Drive implementation of cyber risk metrics and dashboards for executive and board-level reporting.

• Collaborate with enterprise risk and audit teams to embed cyber risk into wider enterprise risk frameworks.

• Advise business and technology units on control design, residual risk, and exceptions.

• Stay abreast of evolving regulatory and industry trends and advise on potential impacts.

Assurance & Audit

• Develop and lead the cybersecurity assurance program including control testing, self-assessments, and control attestation.

• Coordinate and manage internal and external audits, including regulator-driven audits and penetration testing programs.

• Track findings and drive remediation to closure, including reporting to senior stakeholders.

Technology & Architecture

• Partner with Security Architecture, Operations, and Engineering teams to ensure alignment of controls to policies and risk posture.

Team Leadership & Development

• Mentor, and lead a capable in-house governance team.

• Promote a culture of accountability, collaboration, and continuous improvement.

Awareness & Engagement

• Execute organization-wide security awareness and training programs.

• Act as the key liaison to regulators, auditors, and industry bodies on cybersecurity GRC matters.

• Provide expert guidance to senior leadership, IT teams, and business units on policy interpretation, risk decisions, and control expectations.

• Conduct regular awareness and training sessions on cybersecurity governance and responsibilities.

Requirements

• Degree in Computer Science or other relevant field of study.

• Professional certification such as CGEIT ,CISM, CISA, CISSP, CRISC will be an advantage

• Minimum 5 to 8 years of Cybersecurity Governance, Risk & Compliance (GRC) working experience

• Well verse in Security Standards/Framework such ISO27001, IEC62443 and NIST etc.

• Well verse in MITRE ATT&CK framework

• Good understanding of various regulation/laws related to cybersecurity

• Good understanding of IT Governance, Project Management & Methodologies

• Strong understanding of security governance, operations, risk management, and compliance.

• Proven ability to communicate and influence effectively at the senior management and board levels.

• Familiarity with financial services or critical infrastructure regulatory environments is an advantage.