Cyber Security GRC Lead

Date: 19-Nov-2021

Location: Singapore, Singapore

Company: Singtel Group


Singtel, Asia’s leading communications technology group, provides an extensive range of telecommunications and digital services to millions of consumers and businesses across Asia, Australia, Africa and the USA. With over 140 years of innovation behind us, we continue to push boundaries in our networks and services, to enrich lives and transform businesses.


Our core values – Customer Focus, Challenger Spirit, Teamwork, Integrity, and Personal Excellence – shape the way we work. We are passionate about making a difference and have an open and inclusive culture where everyone is empowered to do their best. Our diverse business means you will enjoy unique opportunities and rewarding experiences to learn and grow your career in a dynamic industry.


Join us and experience what it’s like to be with an Employer of Choice*. Together, let’s create a brighter digital future for all. *Awarded at the HR Fest Awards 2020



Key Responsibilities: 


  1. Work with SingCash CISO to support the cyber security agenda of SingCash.
  2. Directly responsible for policies, procedures and controls to assure compliance with applicable regulatory, legal and audit requirements as well as good business practices
  3. Work with Singtel GCR Policy & Awareness team on system cybersecurity risk awareness program to drive risk management best practices/culture into the Business Units and Program Managers.
  4. Develop and manage the cyber security risk management program incorporating security risk assessment methodologies using industry practices.  
  5. Develop a risk strategy that identifies and classifies risks, defines appropriate tolerances, prioritizes mitigation activities, and measures risk levels using industry best practices, such as CMMI Cyber Maturity / NIST CSF Framework
  6. Develop strong relationships with external audit and key stakeholders to ensure risk management oversight is understood, managed appropriately and current with all standards, guidelines, and regulations that are applicable
  7. Communicate with and assist Business Units in addressing identified cybersecurity risks to meet local business objectives
  8. Design processes to identify, improve and optimize cybersecurity risk management practices, including control assessment criteria to verify the results of Cybersecurity reviews conducted on Systems.
  9. Establish and oversee formal risk analysis and self-assessments program for various information services, systems, processes and recognized industry standards
  10. Identify, assess, manage, and track remediation of risks related to IT infrastructure, applications, platforms and suppliers and drive explicit requirements and timelines in all environments
  11. Review the assessment reports carried out by the team members and provide guidance to them to improve team performance
  12. Establish and oversee formal vulnerability management, penetration testing and security posture assessment programs
  13. Develop security compliance strategy and approach and ensure compliance with applicable regulatory, legislative, and industry specific compliance requirements
  14. Oversee third party assessment standards and privileged user monitoring as a check on critical system access
  15. Establish and maintain Security GRC processes to provide visibility and transparency
  16. Provide regular reporting to SingCash CISO and Management on security postures of Systems



  • Bachelor's Degree in Computer Science, Computer Engineering, Electrical Engineering or other relevant field of study
  • Minimum 4 years of experience in Information Security Risk Management
  • At least 8 years of relevant information security working experience
  • Good understanding of the following areas: Platform Security, Data Security, Network Security, Physical Security, Security Assessment Tools, Security Monitoring Tools.
  • Strong understanding of IT Security risk, Audit and information security principles
  • Strong understanding of information security standards and practices such as MAS TRM, CIS Controls, ISO27001, PCI-DSS and OWASP.
  • Team player and able to work independently and proactively
  • Be able to communicate effectively with business users and project teams
  • Possess a good working attitude and be self-motivated to learn






We believe in the strength of a vibrant, diverse and inclusive workforce where backgrounds, perspectives and life experiences of our people help us innovate and create strong connections with our customers. We strive to ensure all our people practices are non-discriminatory and provide a fair, performance-based work culture that is diverse, inclusive and collaborative.