Cyber Security Engineer (GRC)

Responsibilities

Governance

• Develop and maintain cybersecurity policies, procedures, and standards in alignment with industry frameworks (e.g., ISO 27001, NIST Cyber Security Framework).
• Oversee the organization's cybersecurity governance program and ensure alignment with business objectives.

Risk Management

• Identify, assess, and document cybersecurity risks to the organization.
• Develop and maintain risk registers and implement mitigation strategies.
• Perform regular security assessments, including vulnerability assessments and third-party risk evaluations.

Compliance

• Ensure the organization's adherence to relevant regulations, standards, and frameworks (e.g., PDPC).
• Conduct regular compliance audits and provide recommendations for remediation.

Incident Response and Monitoring

• Collaborate with incident response teams to establish protocols for managing and reporting cybersecurity incidents.
• Ensure compliance with legal and regulatory reporting requirements for incidents.

Reporting and Metrics

• Develop and present reports on cybersecurity compliance, risk posture, and governance metrics to leadership and stakeholders.

Collaboration and Stakeholder Engagement

• Work closely with IT, Legal, HR, and other departments to ensure a cohesive approach to cybersecurity.
• Act as a liaison between technical teams and business units to align cybersecurity practices with organizational goals.

Requirements

• Bachelor's degree in Cybersecurity, Information Technology, or a related field.
• 3+ years in a cybersecurity or GRC-related role.
• Good working knowledge of security risk management, security governance framework and compliance, vulnerability management (vulnerability assessment, penetration testing), and security incident response and security assessment.
• Strong understanding of ISO 27001 standard and NIST Cyber Security Framework.
• Strong background in vulnerability management tools.
• Knowledge of SIEM and GRC tools.
• Understand Disaster Recovery, Business Continuity, and IT Regulatory Compliance.
• Excellent interpersonal and communication skills. Good command of written and spoken English.
• Pro-active, independent, resourceful, able to work in a team environment and work independently with minimal supervision.
• Work well with all functional levels in the organization.
• It will be advantageous to have at least one of these certifications: CGRC (ISC2), CRISC (ISACA).
• Prior IT security consulting experience will be advantageous.
• 5 days work week, East.

All successful candidates can expect a very competitive remuneration package and a comprehensive range of benefits.

Kindly email your resume in a detailed Word format to celeste.wong@peopleprofilers.com

We regret that only shortlisted candidates will be notified.

People Profilers Pte Ltd

Tel: 6950 9754

EA Registration Number: R22110899

EA License number: 02C4944

EA Personnel: Celeste Wong Xin Yann