Cybersecurity Consultant (GRC, Risk & Compliance)


STONE CYBERSECURITY PTE. LTD.
Posted date: 20 hours ago
Minimum level: N/A
Employment type: Full-time
Job category: IT

About Stone Cybersecurity Pte Ltd

Stone Cybersecurity Pte Ltd is a leading cybersecurity consulting firm in Singapore and a CREST-accredited service provider. We help organizations across industries strengthen their security posture, achieve compliance, and mitigate cybersecurity risks. Our team is passionate about protecting businesses from cyber threats and fostering a collaborative and innovative work environment that values continuous learning and professional growth.

The Opportunity

We are looking for a Cybersecurity Consultant (GRC, Risk & Compliance) to drive our ISO 27001, CSA Cyber Essentials Mark (CEM), Cyber Trust Mark (CTM), Threat & Risk Assessment (TRA) and regulatory compliance engagements.

You will play a critical role in helping clients pass audits, satisfy regulators, and build real security, not just paperwork. This role sits at the intersection of governance, architecture, and risk, working closely with our penetration testers, SOC team and clients' IT teams.

[Key Responsibilities]

GRC & Compliance

• Lead ISO/IEC 27001, CSA CEM and Cyber Trust Mark (CTM) readiness and audits.

• Perform gap assessments against MAS TRM, CSA, PDPA and GDPR.

• Develop audit-ready ISMS documentation, including policies, SoA, risk registers and control mappings.

Threat & Risk Assessment

• Conduct Threat & Risk Assessments (TRA) for cloud, enterprise and regulated environments.

• Identify assets, threats, vulnerabilities, impacts and risks, and define mitigation plans.

• Produce regulator-grade TRA reports aligned to CSA, IM8, NIST and ISO methodologies.

Security Architecture & Risk

• Review system and cloud architectures against ISO 27001, NIST CSF/800-53 and CSA CTM/CEM.

• Assess network design, access control, logging, encryption and data flows.

• Provide practical, risk-based security recommendations.

Policy, Awareness & Governance

• Develop security policies, incident response plans and governance frameworks.

• Deliver security awareness briefings and support audit and regulatory engagements.

Client Delivery & Advisory

• Act as GRC lead for client engagements.

• Work with VAPT, SOC and architecture teams to align technical findings with risk and compliance.

• Present risk and compliance positions to CIOs, CISOs, auditors and regulators.

[What You Bring]

Must-Have Qualifications

• Bachelor's degree in Cybersecurity, Information Security, Computer Science, or a related field.

• Minimum 3 years of experience in cybersecurity consulting, compliance audits, risk management, or security architecture.

• Expertise in ISO 27001:2022, NIST CSF and NIST 800-53 frameworks.

• Experience in designing, implementing, and testing system security architecture.

• Strong knowledge of compliance regulations (e.g., MAS TRM, PDPA, GDPR).

• Excellent report writing, presentation, and communication skills.

• Ability to work independently and manage client engagements.

Preferred Certifications (Highly Advantageous)

• ISO 27001 Lead Auditor / Implementer

• CISSP, CISA, CISM, CRISC

• CREST Registered Technical Security Architect (CRTSA)

• Information Systems Security Architecture Professional (CISSP-ISSAP)

Additional Preferences

• Experience with penetration testing, security architecture, or cloud security frameworks is a plus.

• Familiarity with SIEM, SOC operations, and security tools.

• Candidates who can join quickly will be given preference.

Why Join Us?

• Work with a highly skilled cybersecurity team in a CREST-accredited firm.

• Exposure to diverse cybersecurity projects across multiple industries.

• Opportunities for continuous learning and professional growth.

• Competitive salary and benefits package.

Location: Singapore