IT GRC [Cybersecurity and Compliance | West] - #1130427

Good Job Creations


Date: 14 hours ago
District: Singapore
Contract type: Full time
Work schedule: Full day
[Job Order: 1150321]

Responsibilities:

Cybersecurity Governance
  • Develop, implement, and review cybersecurity policies, standards, and procedures in alignment with organisational needs and national frameworks (e.g., CSA, IM8).
  • Drive awareness and training programmes to embed a culture of cybersecurity across the organisation.
  • Provide guidance to business units on secure practices and policy adherence.
Cybersecurity Risk Management
  • Conduct regular risk assessments on IT systems, operational technologies, and supply chain processes to identify vulnerabilities and threats.
  • Assess the cybersecurity risk of third-party vendors with an appropriate level of detail; identify controls to address gaps in third-party vendor relationships; monitor the implementation of controls.
  • Establish risk registers, recommend mitigation strategies, and track remediation activities.
  • Monitor emerging cybersecurity risks, particularly those affecting logistics, warehousing, and transportation systems.
  • Liaise with the application project team on closure of penetration test findings and improvements; track findings and ensure timely closure.
  • Ensure cyber risk registers are kept up to date and risks are calculated accurately.
Cybersecurity Compliance and Audit
  • Ensure compliance with regulatory requirements (e.g., PDPA, Cybersecurity Act, MAS TRM) and global standards (ISO 27001, NIST).
  • Coordinate and support internal/external audits and customer security assessments.
  • Maintain and update compliance documentation, audit evidence, and reports.
  • Conduct assurance reviews to validate governance adherence and expected outcomes.
  • Collaborate with technology and business teams to automate compliance checks and audit processes.
  • Assess third-party vendor cybersecurity risks, define and monitor controls, and track remediation.
  • Oversee security operations service provider in managing cybersecurity incidents and operations.
  • Support deployment of cybersecurity solutions and assist in resolving security-related issues.
  • Monitor, detect, and ensure timely remediation of cyber threats, risks, and vulnerabilities.
  • Stay current with emerging threats, technologies, and industry best practices; recommend controls and solutions.
  • Plan, conduct, and oversee vulnerability assessments and penetration testing, ensuring timely closure of findings.
Incident Preparedness & Reporting
  • Support the development and testing of cybersecurity incident response and business continuity plans.
  • Ensure governance and compliance aspects are addressed during incident investigations and post-mortems.
  • Report cybersecurity metrics and compliance status to senior management and relevant committees.

Requirements:
  • Bachelor's Degree in IT/Computer Science or relevant fields.
  • 5-8 years of relevant cybersecurity experience, with at least 2-3 years in governance, risk, and compliance functions.
  • Proficient in MS Office Applications / Microsoft Power Platform Applications and social media platforms
  • Strong analytical and problem-solving skills, with the ability to assess risks and propose practical mitigation strategies.
  • Positive attitude and willingness to learn
  • Strong written and verbal communication skills
  • Basic understanding of cybersecurity principles and best practices
  • Ability to explain technical concepts to non-technical audiences
  • Strong attention to detail and a commitment to maintaining accuracy and consistency in all communications.
  • Self-motivated and proactive, with a demonstrated ability to work independently and take ownership of assigned tasks and priorities in a fast-paced environment.
  • Ability to manage multiple tasks simultaneously and carry out tasks which are assigned by the Management.
  • Team player with strong collaboration skills to work with IT, operations, and external vendors.
  • Professional certifications preferred: CISM, CISSP, CRISC, ISO 27001 Lead Implementer/Auditor, or equivalent

We regret that only shortlisted candidates will be notified. However, rest assured that all applications will be updated to our resume bank for future opportunities.

Please kindly refer to the Privacy Policy of Good Job Creations for your reference: https://goodjobcreations.com.sg/en/privacy-policy/

EA Personnel Name: Zoe Lang Zhen Zhen
EA Personnel Registration Number: R23117353
EA License No.: 07C5771

#SCR-zoe-lang
