Cyber Security Engineer (Governance, Risk & Compliance)

Job Responsibilities

1. Governance

• Develop and maintain cybersecurity policies, procedures,and standards in alignment with industry frameworks (e.g., ISO 27001, NIST Cyber Security Framework).
• Oversee the organization's cybersecurity governance program and ensure alignment with business objectives.
• Provide guidance and training to stakeholders to ensure compliance with established policies and standards.

2. Risk Management

• Identify, assess, and document cybersecurity risks to the organization.
• Develop and maintain risk registers and implement mitigation strategies.
• Perform regular security assessments, including vulnerability assessments and third-party risk evaluations.

3. Compliance

• Ensure the organization's adherence to relevant regulations, standards, and frameworks (e.g., PDPC).
• Conduct regular compliance audits and provide recommendations for remediation.
• Monitor changes in regulatory requirements and ensure timely updates to policies and procedures.

4. Incident Response and Monitoring

• Collaborate with incident response teams to establish protocols for managing and reporting cybersecurity incidents.
• Ensure compliance with legal and regulatory reporting requirements for incidents.

5. Reporting and Metrics

• Develop and present reports on cybersecurity compliance, risk posture, and governance metrics to leadership and stakeholders.
• Track and analyze key performance indicators (KPIs) related to GRC initiatives.

6. Collaboration and Stakeholder Engagement

• Work closely with IT, Legal, HR, and other departments to ensure a cohesive approach to cybersecurity.
• Act as a liaison between technical teams and business units to align cybersecurity practices with organizational goals. 

Qualifications & Requirements

• Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
• 3+ years in a cybersecurity or GRC-related role.
• Good working knowledge of security risk management, security governance framework and compliance, vulnerability management (vulnerability assessment, penetration testing), and security incident response and security assessment.
• Strong understanding of ISO27001 standard and NIST Cyber Security Framework. 
• Strong background in vulnerability management tools.
• Knowledge of SIEM and GRC tools.
• Understand Disaster Recovery, Business Continuity and IT Regulatory Compliance.
• Excellent interpersonal and communication skills. Good command of written and spoken English.
• Pro-active, independent, resourceful, able to work in a team environment and work independently with minimal supervision.
• Work well with all functional levels in the organization.
• It will be advantageous to have at least one of these certifications: CGRC (ISC2), CRISC (ISACA). 
• Prior IT security consulting experience will be advantageous.