Information and Cyber Security Engineer - GRC

Job Summary

Seeking an experienced Information & Cyber Security Engineer to strengthen a centralized technology function and accelerate secure cloud adoption across a regional operations footprint. The role focuses on cybersecurity risk assessment, cloud security, thirdparty assurance, and governance in a regulated environment of a financial and banking environment.

Mandatory Skill-set

• Must have at least 5+ years’ experience in information security, risk management, or cybersecurity roles;
• Must have minimum 2+ years’ hands on experience securing public, private, and hybrid cloud environments;
• Strong grasp of threat modelling, risk assessment methodologies, and risk mitigation approaches;
• Knowledge of security governance and standards (e.g., ISO 27001, MAS TRM / local regulator frameworks, NIST, CCM);
• Demonstrated experience performing: IT security risk assessments, vendor/thirdparty security due diligence, and tech obsolescence reviews;
• Familiarity with cloud security frameworks, cybersecurity tools, and risk governance;
• Prior experience in banking, asset management, or other heavily regulated sectors;
• Proven ability to influence senior stakeholders and drive security improvements endtoend.

Desired Skill-set

• Certifications :CISSP, CISM, CRISC, CEH, CCSP, or relevant certifications from - ISC2, ISACA, SANS, Microsoft, AWS, CISCO;
• Proven ability to influence senior stakeholders and drive security improvements endtoend;
• Motivated self-starter with leadership skills and the ability to work independently;
• Familiarity with security monitoring tools and automation/digitization of workflows;
• Strong analytical skills and a pragmatic approach to remediations and controls.

Responsibilities

• Plan and carry out comprehensive IT security risk assessments across applications, infrastructure and cloud services;
• Lead security due diligence for thirdparty service providers, including onsite assessments where required;
• Identify and manage risks arising from technology obsolescence and platform endoflife scenarios;
• Advise technology and business teams as a trusted subject matter expert on security and risk decisions;
• Provide guidance and oversight to regional/subsidiary security teams to ensure consistent risk management practices;
• Maintain and enhance security checklists, guidelines, and governance artefacts;
• Drive process improvements, automation and digitization to streamline risk management workflows;
• Produce regular risk reports and track remediation actions; keep abreast of emerging threats and security trends.

Should you be interested in this career opportunity, please send in your updated resume to [email protected] at the earliest.

When you apply, you voluntarily consent to the disclosure, collection and use of your personal data for employment/recruitment and related purposes in accordance with the SCIENTE Group Privacy Policy, a copy of which is published at SCIENTE’s website (https://www.sciente.com/privacy-policy).

Confidentiality is assured, and only shortlisted candidates will be notified for interviews.

EA Licence No. 07C5639