Senior Manager, Cybersecurity Governance

Support the CIO/AVP Cybersecurity in developing multi-year cyber risk and compliance strategies.

Implement and maintain the cybersecurity governance framework, aligning with enterprise risk and compliance programs.

Develop, maintain, and socialize cybersecurity policies, standards, and guidelines.

Lead policy governance cycles including stakeholder consultations, review, and approval processes.

Oversee compliance to internal policies and regulatory requirements (e.g. MAS TRM, ISO 27001, NIST, PDPA).

Lead the cybersecurity risk management program, including identification, assessment, treatment, and reporting of cyber risks.

Drive implementation of cyber risk metrics and dashboards for executive and board-level reporting.

Collaborate with enterprise risk and audit teams to embed cyber risk into wider enterprise risk frameworks.

Advise business and technology units on control design, residual risk, and exceptions.

Stay abreast of evolving regulatory and industry trends and advise on potential impacts.

Develop and lead the cybersecurity assurance program including control testing, self-assessments, and control attestation.

Coordinate and manage internal and external audits, including regulator-driven audits and penetration testing programs.

Track findings and drive remediation to closure, including reporting to senior stakeholders.

Partner with Security Architecture, Operations, and Engineering teams to ensure alignment of controls to policies and risk posture.

Mentor, and lead a capable in-house governance team.

Promote a culture of accountability, collaboration, and continuous improvement.

Execute organization-wide security awareness and training programs.

Act as the key liaison to regulators, auditors, and industry bodies on cybersecurity GRC matters.

Provide expert guidance to senior leadership, IT teams, and business units on policy interpretation, risk decisions, and control expectations.

Conduct regular awareness and training sessions on cybersecurity governance and responsibilities.

• Degree in Computer Science or other relevant field of study.
• Professional certification such as CGEIT ,CISM, CISA, CISSP, CRISC will be an advantage.
• Minimum 5 to 8 years of Cybersecurity Governance, Risk & Compliance (GRC) working experience.
• Well verse in Security Standards/Framework such ISO27001, IEC62443 and NIST etc.
• Well verse in MITRE ATT&CK framework.
• Good understanding of various regulation/laws related to cybersecurity.
• Good understanding of IT Governance, Project Management & Methodologies.
• Strong understanding of security governance, operations, risk management, and compliance.
• Proven ability to communicate and influence effectively at the senior management and board levels.
• Familiarity with financial services or critical infrastructure regulatory environments is an advantage.