Security Consultant (GRC)

We are looking for a strategic, detail-oriented individual to join our team as a Security Consultant with a focus on Governance, Risk, and Compliance (GRC). Your responsibilities will include assessing security risks, ensuring compliance with regulatory standards, and developing policies to enhance the security posture of our organisation and clients.

As the Security Consultant (GRC), you should have excellent attention to details, strong strategic planning skills, and the ability to navigate complex regulatory environments. Consultants must possess good communication and interpersonal skills, confident to engage with people at all levels, along with good knowledge of security frameworks and compliance standards.

• Conducting security risk assessments to identify, quantify, and prioritise security risks in line with compliance requirements.
• Developing and implementing security policies and procedures to address regulatory and compliance standards/guidelines (e.g., ISO 27001, SS714, NIST, CIS, PDPA, OSPAR, MAS Guidelines, IM8).
• Creating risk treatment plans and advising on best practices for mitigating risks and achieving compliance.
• Coordinating and collaborating with a team of security specialists, assigning tasks related to GRC objectives, and providing guidance.
• Meeting with clients to discuss risk assessments, regulatory compliance, and governance requirements, presenting findings and recommended controls.
• Performing regular security audits and compliance checks, recommending corrective actions to improve security posture.
• Compiling and presenting detailed reports on risk assessments, compliance status, and audit results.
• Providing guidance on enhancing current security policies and protocols to strengthen governance and risk management.
• Remaining up to date with industry standards, regulations, and best practices in GRC, including continuous learning on evolving security frameworks.
• Training staff on compliance requirements, risk management practices, and security policies.

• A Bachelor's degree in Cybersecurity, Information Technology, or a related field.
• Solid understanding of GRC frameworks (e.g., ISO 27001, SS714, NIST, CIS, IM8, OSPAR, MAS Guidelines).
• Excellent skills in policy development, risk assessment, and compliance management.
• Strong communication skills, with the ability to explain complex regulatory requirements in an accessible way.
• Highly analytical, with excellent organisational and strategic planning skills.
• A detail-oriented, objective, professional and ethical approach to security and compliance.
• Competent in the use of Microsoft Office tools.
• Added advantage using AI tools for research and work purposes.
• Good teamwork and time management skills.