About the Role:

We are seeking a highly skilled Senior Cybersecurity GRC Consultant. In this role, you will be responsible for leading and executing governance, risk, and compliance activities across complex IT and cybersecurity environments. You will work closely with internal stakeholders, clients, and regulatory bodies to ensure cybersecurity programs are aligned with industry standards, compliance requirements, and best practices.

This is a key role for driving cyber resilience, improving risk posture, and enabling secure digital transformation across the organization or client environment.

Key Responsibilities:

• Develop, implement, and manage cybersecurity governance frameworks, policies, and procedures.
• Conduct risk assessments and provide recommendations to mitigate security risks and improve controls.
• Lead compliance programs aligned with regulatory and industry standards (e.g., MAS TRM, PDPA, ISO 27001, NIST, CSA, GDPR).
• Support and guide teams in preparing for audits and regulatory inspections.
• Work with business and IT teams to integrate security into business processes and project lifecycles.
• Maintain risk registers, track remediation activities, and report risk posture to management.
• Perform third-party risk assessments, including vendor due diligence and contract reviews.
• Stay updated on emerging regulations, threats, and best practices in cybersecurity and data protection.
• Provide subject matter expertise and mentorship to junior team members and stakeholders.

Required Qualifications:

• Bachelor's or Master's degree in Information Security, Computer Science, or a related field.
• Minimum 6-8 years of experience in cybersecurity, with a strong focus on GRC.
• Deep understanding of governance frameworks and compliance standards such as:
  • MAS TRM
  • PDPA
  • ISO/IEC 27001/27005
  • NIST Cybersecurity Framework
  • CSA CCM
  • GDPR and other international privacy regulations
• Experience conducting risk assessments, managing audit cycles, and policy development.
• Strong communication skills to engage and influence cross-functional teams and senior stakeholders.
• Proven track record of working with regulatory authorities or clients in regulated industries (e.g., BFSI, healthcare, government).

Preferred Certifications (Nice to Have):

• CISSP (Certified Information Systems Security Professional)
• CISA (Certified Information Systems Auditor)
• CRISC (Certified in Risk and Information Systems Control)
• ISO 27001 Lead Auditor / Implementer
• CGRC (Certified in Governance, Risk and Compliance - formerly CAP)

Why Join Us:

• Opportunity to work with top-tier clients in financial services, government, and enterprise sectors.
• Be at the forefront of cybersecurity strategy and transformation in a rapidly evolving landscape.
• Collaborative team environment with access to continuous learning and development.