Kerry Consulting

AVP/VP, Cybersecurity Governance and Risk Management

Singapore · Full-time · Mid-Senior

We are looking for an experienced and proactive Cybersecurity professional to join our client as AVP/VP in the Governance, Risk and Compliance (GRC) function. You will play a key role in driving the design, implementation, and continuous improvement of our cybersecurity policies, risk management framework, and compliance practices across the enterprise. Please note that this role is under direct employment of our client.


Key Responsibilities:

Cybersecurity Governance:

  • Develop, review, and maintain cybersecurity policies, standards, and procedures aligned to regulatory requirements (e.g., MAS TRM, CSA, PDPA, ISO27001, NIST).
  • Establish and manage a cybersecurity governance framework and operating model.
  • Facilitate governance forums, steering committees, and working groups to ensure alignment and oversight of cybersecurity initiatives.

Risk Management:

  • Lead the execution of technology and cybersecurity risk assessments across projects, systems, and third-party engagements.
  • Maintain and monitor the cyber risk register, and ensure risk mitigation plans are in place and tracked to closure.
  • Work with business units and IT to identify, assess, and manage emerging cyber risks.

Compliance & Assurance:

  • Oversee compliance with internal policies and external regulations through continuous control monitoring and assurance reviews.
  • Manage and support internal and external audits, including coordination of responses, remediation tracking and control improvement.
  • Conduct periodic risk and compliance reporting for senior management and board-level committees.

Third Party & Project Risk:

  • Perform security due diligence and risk assessments for third-party vendors and outsourced service providers.
  • Evaluate cybersecurity controls during the project lifecycle (including secure SDLC reviews, change management risks, etc.).

Awareness & Culture:

  • Drive security awareness and training programs across the organization.
  • Promote a culture of risk awareness and cybersecurity accountability among business and technology stakeholders.


Requirements:

  • Bachelor's degree in Information Security, Computer Science, IT, or related field.
  • 8-15 years of experience in cybersecurity, IT risk, audit, or GRC, preferably in financial services, consulting, or regulated industries.
  • Strong knowledge of regulatory requirements and cybersecurity frameworks (e.g., MAS TRM, ISO27001, NIST CSF, CIS, CSA CCM).
  • Hands-on experience with risk assessment methodologies, control testing, and third-party risk management.
  • Familiarity with GRC tools (e.g., Archer, ServiceNow GRC) and security compliance monitoring tools.
  • Professional certifications such as CISSP, CISM, CRISC, or CISA preferred.
  • Excellent communication and stakeholder management skills, with the ability to translate technical risks into business impact.


To Apply:

If you're keen to explore this opportunity, please share your CV or reach out to Chen Yi at [email protected] for a confidential discussion.

Kindly note that due to the high volume of applications, only shortlisted candidates will be contacted.

Registration No.: R1876389

Licence No.: 16S8060

Key Skills

Ranked by relevance

cybersecurity, CISSP, CISA, CISM, NIST, CIS
Posted: Jun 16, 2025
Type: Full-time
Level: Mid-Senior
Location: Singapore

Industries

Information Services

Categories

Information Technology
