Director, Cyber Gov, Risk and Compliance
Date: 9 Jan 2026
Location: Singapore, Singapore
Company: Singtel Group
An empowering career at Singtel begins with a Hello. Our purpose, to Empower Every Generation, connects people to the possibilities they need to excel. Every "hello" at Singtel opens doors to new initiatives, growth, and BIG possibilities that take your career to new heights. So, when you say hello to us, you are really empowered to say… “Hello BIG Possibilities”.
Looking for an opportunity to elevate your career? Our internal mobility program is just what you need!
In Singtel Group, we strongly believe that our employees are our most valuable assets and are committed to creating a culture that supports your professional growth. By exploring new job opportunities within the company, you can expand your skill sets, gain exposure to different areas of the business, and build a diverse and fulfilling career.
If you are keen to explore this position or would like to refer a friend, please apply with an updated resume attached. Should you have any questions or concerns, please do not hesitate to reach out to the Talent Acquisition Manager in charge.
Be a Part of Something BIG!
Reporting to the Group Chief Information Security Officer (GCISO), the Group Cyber Governance, Risk & Compliance (GRC) Director is a senior Group-level leadership role accountable for setting, maintaining, and enforcing Singtel Group’s cyber security policies, standards, and compliance posture. The role owns the Group cyber policy framework, control standards, and assurance mechanisms that ensure cybersecurity risks are consistently identified, assessed, managed, and reported across all Operating Companies and Associates.
Working closely with OpCo risk and security leaders, the role defines Group-wide cyber governance requirements, including policies, minimum control standards, and risk acceptance principles. These policy guardrails establish clear expectations for due care, regulatory compliance, and “secure-by-default” outcomes, while allowing measured flexibility for local operating contexts.
As a policy authority and trusted governance advisor, the Group GRC Director provides independent oversight and challenge on major initiatives and material risk decisions. The role ensures that cybersecurity risks are formally assessed against Group policies and standards, that policy exceptions are governed through defined approval processes, and that residual risks are transparently escalated and accepted at the appropriate level.
This position requires strong risk judgement, regulatory insight, and executive influence, with the ability to translate complex technical and cyber risks into clear policy positions, compliance outcomes, and Board-level risk narratives. The role bridges business, technology, and security by embedding disciplined policy governance, compliance assurance, and accountability into the Group’s operating model.
Make an Impact by:
Governance, Policy & Standards
- Act as the Group owner and governing authority for Singtel Group Cyber Security Policies, Standards, and Control Libraries, ensuring consistent application, resilience, and enforceability across all OpCos and Associates.
- Establish, maintain, and evolve Group-wide minimum cybersecurity requirements, including approval of material policy updates, standards enhancements, and control baselines.
- Continuously assess Singtel Group Cyber Security Policies and Standards against industry best practices and regulatory expectations (e.g. ISO/IEC, NIST, CIS Controls, GSMA), ensuring safeguards remain effective against the evolving threat landscape.
- Own and govern the policy exception and risk acceptance process, including escalation thresholds, decision authorities, and documentation of residual risk.
- Drive security culture and controls adoption through structured stakeholder engagement, training, and enablement across the Group.
Controls Risk Framework & Risk Visibility
- Define and own the Group Cybersecurity Controls and Risk Framework, including methodologies to assess inherent risk, control effectiveness, control maturity, and residual risk across cyber domains.
- Develop and maintain controls risk metrics, KRIs, and gap indicators to provide consistent, risk-based visibility of cybersecurity posture across Singtel Group.
- Translate controls and compliance outcomes into executive- and Board-level insights, supporting prioritisation, remediation planning, and informed risk decisions.
Compliance Assurance, Automation & Continuous Monitoring
- Own the Group Compliance Assurance Framework, defining how compliance with Group Cyber Security Policies and Standards is assessed, validated, and reported across OpCos and Associates.
- Lead the transition from point-in-time assessments to continuous controls assurance, leveraging technology to provide near-real-time visibility of controls effectiveness and cyber resilience.
- Establish and execute a Group-wide digital GRC platform strategy as the single source of truth for governance, risk management, compliance, exceptions, and audit evidence.
- Drive the adoption of automation and agentic AI to scale compliance assessments, evidence collection, and controls monitoring, while maintaining auditability, traceability, and regulator confidence.
Business, Regulatory & Cyber Leadership
- Serve as the Group authority on cyber governance and risk, providing trusted advisory and challenge to senior management and Boards on cybersecurity risk posture and material exposures.
- Maintain awareness of emerging cyber threats, technologies (e.g. AI, quantum), and regulatory developments, translating these into risk-aligned governance and control enhancements.
- Act as a key interface with auditors and external assessors on matters related to cyber governance, compliance, and assurance.
- Provide thought leadership and effective stakeholder engagement, balancing business enablement with risk discipline and regulatory expectations across the Group.
Budget & Resource Stewardship
- Assist in planning and managing budgets for GRC programs.
- Recommend resource allocation strategies to optimize cost, scale, and talent effectiveness.
Stakeholder Engagement & Influence
- Lead and contribute to cross-functional governance
- Collaborate with GRC leads across OpCos to align on Group cyber governance requirements, policy interpretation, risk assessment approaches, and compliance expectations, including the treatment of emerging technologies and new risk paradigms.
- Engage internal stakeholders across business, technology, and risk functions to ensure cybersecurity governance, risk posture, and compliance priorities are aligned with enterprise objectives and risk appetite.
- Drive Group-wide alignment and awareness of cyber risk and compliance priorities, promoting consistent understanding of policies, standards, and risk responsibilities across all Operating Companies and Associates.
Skills for Success
- Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
- At least 10 years of experience in cybersecurity, technology risk, or GRC roles, with demonstrated experience operating in Group-level, regional, or multi-entity environments, overseeing policy, risk, and compliance across complex organisations.
- Demonstrated experience leading and governing large-scale cybersecurity or technology risk initiatives, including setting Group standards, driving compliance programmes, managing material risk issues, and engaging senior executives and Boards.
- Deep expertise in cybersecurity governance, risk management, and control frameworks, including NIST CSF, ISO/IEC 27001/27002, CIS Controls, and risk-based control models, with the ability to set, interpret, and enforce Group-wide policy and control standards.
- Strong understanding of telco, cloud, and enterprise IT operating environments, including cloud platforms, identity and access management, data protection, and network security, to enable informed risk-based policy decisions and governance oversight of emerging technologies (e.g. AI and quantum).
- Proven ability to translate complex technical and cyber risks into clear governance positions, executive briefings, and Board-level risk narratives that support informed decision-making and risk acceptance.
- Professional certifications preferred: CISSP, CISM, CRISC, CCSP, or equivalent credentials supporting senior leadership in governance, risk, and compliance.
- Demonstrated awareness of emerging cyber threats, regulatory developments, and evolving risk paradigms, with the ability to anticipate impacts to Group policy, controls, and assurance approaches.
Leadership and Collaboration
- Exceptional leadership, collaboration, and team management skills.
- Ability to work effectively with diverse stakeholders, including subsidiaries in a conglomerate or multi-subsidiary environment.
- Strong analytical, decision-making, and problem-solving skills, especially in dynamic and high-pressure situations.
Rewards that Go Beyond
- Flexible work arrangements
- Full suite of health and wellness benefits
- Ongoing training and development programs
- Internal mobility opportunities
Are you ready to say hello to BIG Possibilities?
Take the leap with Singtel to unlock new opportunities and accelerate your growth. Apply now and start your empowering career!
We are committed to a safe and healthy environment for our employees & customers and will require all prospective employees to be fully vaccinated.