Risk Management jobs in Singapore

GovTech is the lead agency driving Singapore’s Smart Nation initiatives and public sector digital transformation. As the Centre of Excellence for Infocomm Technology and Smart Systems (ICT & SS), GovTech develops the Singapore Government’s capabilities in Data Science & Artificial Intelligence, Application Development, Smart City Technology, Digital Infrastructure, and Cybersecurity.

The Cyber Security Group (CSG) is GovTech’s cybersecurity arm. CSG is committed to creating a digital government that is safe and secure. It delivers technical and operational capabilities to counteract cyber threats, provides thought leadership on transformative cybersecurity governance and policies, and strengthens the cybersecurity posture of government agencies in a sustainable, pragmatic, and effective manner.

Reporting to the Ministry CISO (MCISO), you will be the primary architect of the Ministry’s security governance and risk management framework. You will ensure that all agencies within the Ministry Family operate under a unified, effective, and modern security standard and transform GRC from a compliance‑heavy exercise into a strategic enabler.

• Enterprise Risk Governance & Management – Establish and oversee a living Ministry‑wide security risk register; lead high‑level risk conversations with senior agency leaders; develop a robust framework for consistent, high‑quality risk analysis.
• Threat Risk Assessment (TRA) & Standards – Maintain Ministry‑wide standards for TRA across Cloud, Web Applications, and OT/ICS; identify “Crown Jewels” and map threat vectors; standardise security configuration controls.
• Zero Trust & Architecture Governance – Lead a Ministry‑wide Zero Trust Framework, advise on identity‑based security and micro‑segmentation, and evaluate security technologies to keep defensive layers relevant.
• Supply Chain & Ecosystem Risk Management – Establish a framework to manage risks across software supply chains and IT vendors; develop standards for assessing cyber‑resilience of third‑party partners.
• Audit Excellence & Systemic Improvement – Shift agencies to continuous compliance and readiness; oversee closure of audit findings; analyze audit trends to fix systemic weaknesses.
• Stakeholder Management & Threat Intelligence – Partner with senior CIOs and CISOs to inculcate a proactive risk‑management mindset; keep abreast of evolving threat actors and technology changes.

• 10–12 years in Cybersecurity GRC, Information Security Risk Management, or Security Architecture.
• Proven experience managing risks across IT and Cloud environments; exposure to OT systems is a significant advantage.
• Deep familiarity with Singapore Government security policies (e.g., Instruction Manual on IT Management) and international standards (e.g., NIST, ISO 27001).

• Risk assessment methodologies (e.g., TVRA) and the ability to translate technical vulnerabilities into business risk.
• Strong technical understanding of Zero Trust Architecture components and cloud security technologies (Firewalls, EDR, IAM, SIEM, CSPM, CWPP, CASB, secrets management).
• Mapping technical controls to the MITRE ATT&CK framework.
• Proficiency in manual and automated testing tools; deep understanding of MITRE ATT&CK and common TTPs.
• Professional certifications such as CISM, CRISC, CISSP, OSCP or OSWE are highly preferred.

• Strategic influence – educate and persuade senior stakeholders on the importance of rigorous risk governance.
• Critical thinking – find and fix underlying systemic issues beyond surface‑level audit compliance.
• Lifelong learner – passion for staying updated on the latest security technologies and evolving cyber threat landscapes.
• Risk articulation – translate deep technical issues into business risk for non‑technical senior executives.

• This role is open to Singaporeans Only.

GovTech is the lead agency driving Singapore’s Smart Nation initiatives and public sector digital transformation. It is the Centre of Excellence for Infocomm Technology and Smart Systems (ICT & SS). GovTech develops the Singapore Government’s capabilities in Data Science & Artificial Intelligence, Application Development, Smart City Technology, Digital Infrastructure, and Cybersecurity. It offers a purposeful career, strong learning and development opportunities, and a holistic rewards approach.

We are an equal opportunity employer and value diversity at our company as we believe that diversity is meaningful to innovation.