Function in a small but agile team, supporting a Certificate Authority Infrastructure system
Be required to establish risk oversight and maintain hands-on involvement in developing processes and ensuring they are compliant for a Public Key Infrastructure system
Need to establish key risks and control metrics to measure success for stakeholder reporting
Apply systems thinking to understand how controls interact across processes, platforms, and teams, moving beyond theoretical requirements to practical implementation. A key aspect of your role involves translating risk governance requirements into actionable solutions that prioritise stakeholder experience, ensuring appropriate governance without hindering operational velocity and innovation.
Need to collaborate with teams across different domains in the implementation of practical solutions
Serve as a risk and compliance advisor to the project team and project stakeholders, providing guidance on risk scenarios
Need to be able to conduct risk assessments and ensure that cybersecurity and operational risks are effectively identified, assessed, and mitigated.
Be expected to prepare and lead the team to succeed in audits. You will be expected to be familiar with the team's compliance and risk posture, front the audits and guide the team effectively in addressing the auditor's Requests for Information.
Support stakeholders such as the CISO in providing guidance on risk and compliance controls, risk training programmes, etc.
Contribute to enhancing and optimising Risk Management frameworks, including how the collection of compliance and risk metrics could be automated and their relevance maintained
Develop and maintain risk and compliance documentation, runbooks and training materials with the project team.
Be required to keep yourself updated with industry best practices and government policies and translate them into actionable items to continuously improve the Risk & Compliance posture of the system
Requirements
Specialised Technical Expertise: You should possess deep knowledge of cybersecurity risk frameworks, operational risk management methodologies, and technology risk assessment techniques. For this role, deep knowledge or hands-on experience in WebTrust for Certificate Authority will be highly valued. Experience with risk management methodologies such as FAIR, ISO 27005 and NIST SP 800-30, and operational risk models is essential. Understanding of cloud security, data protection, and emerging technology risks will be required. You must demonstrate pragmatic controls design capabilities and comfort operating in imperfect integration environments.
Strategic and Analytical Capabilities: Strong analytical thinking and structured problem-solving abilities are crucial, along with the capacity to synthesise complex information into actionable insights. You should demonstrate experience in developing risk strategies, conducting scenario analysis, and presenting risk assessments to senior leadership. Proficiency in risk modelling tools and techniques, combined with systems thinking across business, technology, and risk domains, is expected. The ability to translate technical risks into business impact terms is essential.
Leadership and Communication Skills: Excellent stakeholder management abilities are essential, particularly in engaging with senior leadership, CISOs, and cross-functional teams. You should be comfortable presenting to executive audiences and possess strong written communication skills for developing policies and risk reports. Strong leadership capability to drive systemic change and influence without relying solely on direct authority is critical, along with the ability to build consensus across diverse stakeholder groups.
Experience and Qualifications: A minimum of 4 to 6 years of progressive experience in risk management, with significant exposure to cybersecurity and operational risk domains. Experience in technology organisations, government agencies, or regulated industries would be advantageous. Professional certifications such as Open FAIR, CISSP or CRISC preferred.
Tech Stack
Cloud
Cyber Security
Benefits
A wholly-owned subsidiary of GovTech.
An attractive yearly training budget and annual performance bonus.