We are seeking a highly experienced and strategic cybersecurity leader to join our client's team as the Head of Cybersecurity Governance, Policy, Risk & Assurance. In this role, you will be responsible for establishing and maintaining the organization's cybersecurity governance framework, risk management practices, policies, and assurance programs. You will work closely with business and technology stakeholders to ensure alignment with industry standards, regulatory requirements, and risk appetite. This is a direct, permanent employment with our client, where you will be managing a team.

Key Responsibilities:

Governance & Policy

• Define and maintain the cybersecurity governance framework, aligning with enterprise risk and compliance programs.
• Develop, maintain, and socialize cybersecurity policies, standards, and guidelines.
• Lead policy governance cycles including stakeholder consultations, review, and approval processes.
• Oversee compliance to internal policies and regulatory requirements (e.g. MAS TRM, ISO 27001, NIST, CSA CCOP).

Risk Management

• Lead the cybersecurity risk management program, including identification, assessment, treatment, and reporting of cyber risks.
• Drive implementation of cyber risk metrics and dashboards for executive and board-level reporting.
• Collaborate with enterprise risk and audit teams to embed cyber risk into wider enterprise risk frameworks.
• Advise business and technology units on control design, residual risk, and exceptions.

Assurance & Audit

• Develop and lead the cybersecurity assurance program including control testing, self-assessments, and control attestation.
• Coordinate and manage internal and external audits, including regulator-driven audits and penetration testing programs.
• Track findings and drive remediation to closure, including reporting to senior stakeholders.

Stakeholder Engagement

• Act as the key liaison to regulators, auditors, and industry bodies on cybersecurity GRC matters.
• Provide expert guidance to senior leadership, IT teams, and business units on policy interpretation, risk decisions, and control expectations.
• Conduct regular awareness and training sessions on cybersecurity governance and responsibilities.

Strategic Projects

• Support the CISO in developing multi-year cyber risk and compliance strategies.
• Partner with Security Architecture, Operations, and Engineering teams to ensure alignment of controls to policies and risk posture.
• Stay abreast of evolving regulatory and industry trends and advise on potential impacts.

Requirements:

• Bachelor's or Master's degree in Information Security, IT, Computer Science, or related field.
• Minimum 10-15 years of experience in cybersecurity, with at least 5 years in leadership roles focused on governance, risk, and compliance.
• Strong knowledge of industry frameworks and standards.
• Familiarity with financial services, healthcare, or critical infrastructure regulatory environments is an advantage.
• Professional certifications preferred: CISA, CRISC, CISSP, CGEIT, CISM, CDPSE, ISO Lead Implementer/Auditor.
• This role is only open to Singaporeans/PR

To Apply:

If you're keen to explore this opportunity, please share your CV or reach out to Chen Yi at [email protected] for a confidential discussion.

Kindly note that due to the high volume of applications, only shortlisted candidates will be contacted.

Registration No.: R1876389

Licence No.: 16S8060