We are seeking a highly skilled and detail-oriented Cyber Risk Manager to lead the identification, assessment, and mitigation of cyber risks across the organization. The successful candidate will be responsible for developing and implementing risk management strategies to safeguard digital assets, ensure compliance with regulatory standards, and enhance our cybersecurity posture.

About Flo

Hi, we're Flo, and we are on a mission to switch as many people and businesses as possible to clean, renewable energy.

We do that by making clean energy as affordable as conventional energy, investing deeply in technology to provide a delightful product experience to our customers and keep our cost structure low so that the savings can be passed back to our customers. And yes, it's possible!

We are pushing boundaries and breaking conventions of the traditional power industry. To do so, we are looking for folks who share our passion for technology, sustainability & people. You might be the one we are looking for :)

Find out more about us on https://floenergy.sg/business/about

Key Responsibilities:

• Lead the development and execution of the organization's cyber risk management framework.
• Identify and assess cyber threats, vulnerabilities, and risks across systems, networks, and data assets.
• Work closely with IT, legal, compliance, and business units to align cyber risk initiatives with organizational objectives.
• Monitor and analyze threat intelligence to stay current with the evolving threat landscape.
• Conduct regular risk assessments, audits, and penetration tests.
• Establish and maintain cybersecurity risk registers and dashboards.
• Develop and enforce cybersecurity policies, procedures, and standards.
• Support incident response planning and coordination, including tabletop exercises and post-incident reviews.
• Prepare risk reports and present findings to senior management and stakeholders.
• Ensure compliance with regulatory requirements such as GDPR, HIPAA, ISO 27001, NIST, and others.
• Guide vendor risk assessments and third-party cyber risk management activities.
• Promote a strong cybersecurity culture through training and awareness programs.

Qualifications:

• Bachelor's degree in Cybersecurity, Information Technology, Risk Management, or a related field (Master's preferred).
• 5+ years of experience in cyber risk management, information security, or a related field.
• Strong understanding of cybersecurity frameworks (NIST, ISO 27001, COBIT, etc.).
• Relevant certifications such as CISSP, CISM, CRISC, or CISA are highly desirable.
• Experience with GRC tools (e.g., Archer, ServiceNow, RSA).
• Strong analytical, communication, and project management skills.
• Ability to communicate complex security concepts to non-technical stakeholders.

Culture and benefits:

• Impactful Role: Join a challenging start-up position where you can make a significant impact on the company's growth and success.
• Autonomy and Responsibility: Enjoy a high degree of freedom in an essential role, allowing you to take initiative and drive projects forward.
• Dynamic Environment: Work in an open-minded and dynamic environment alongside a talented and collaborative team.
• Comprehensive Compensation: Benefit from an attractive compensation package, including variable components such as a $1000 yearly learning budget, generous time-off, and a strong commitment to work-life balance.
• Hybrid Working: Work in a hybrid model, where you're allowed to work from home as well as from the office.

Equal Opportunity Employer Statement

We are committed to building diverse teams and creating an inclusive workplace that enables all our employees to perform at their best, regardless of nationality, ethnicity, religion, age, gender identity or sexual orientation. We are dedicated to creating a work environment where everyone is treated with respect and dignity, and where all employees have the opportunity to reach their full potential. We believe each individual's uniqueness is invaluable and helps make our company better.