Cybersecurity GRC Analyst (ISO 27001 & CSA)

Our client is a fast-growing, boutique cybersecurity consultancy that specializes in high-level compliance and risk management. Due to a strong project pipeline, they are seeking their first foundational hire to support in end-to-end GRC implementations and audits.

This is a 100% remote role reporting directly to the Founder. You will be the primary individual contributor responsible for approximately 70% of project execution, with the opportunity to refine and improve internal methodologies as the firm scales. This is an ideal position for a GRC professional who enjoys autonomy and working across both private and public sector projects.

Key Responsibilities:

• Lead ISO 27001 Implementations: Oversee end-to-end ISMS projects, including gap analysis, risk assessments, and the development of the Statement of Applicability (SoA).

• CSA Certification Lead: Guide clients through the full lifecycle of Cyber Trust Mark and Cyber Essentials Mark readiness and certification.

• Hands-on IT Auditing: Conduct IT General Controls (ITGC) audits—focusing on access management, change management, and IT operations—as well as ISO 27001 surveillance audits.

• Strategic Training: Assist in the preparation of Tabletop Exercises (TTX) and cybersecurity awareness materials for client deliveries.

• Audit Lifecycle Management: Ability to execute comprehensive audit working papers, document findings, and validate the closure of audit findings through remediation tracking with clear guidance from the Founder.

• Compliance Excellence: Ensure all project deliverables align with the CCOP framework and relevant regulatory standards.

What We Offer:

• Work Arrangement: A remote-first environment with a focus on project outcomes rather than desk time.

• Strategic Impact: Work closely with the Founder to shape the firm's internal tools and future growth.

• Project Variety: Direct exposure to diverse industries and high-level government projects.

Job Requirements

• Experience: 3–5 years in cybersecurity, IT audit, or GRC professional services.

• Technical Knowledge: Deep expertise in ISO 27001, CSA Cyber Trust/Essentials Mark, and ITGC concepts.

• Operational Independence: Proven ability to work independently with minimal supervision in a fast-paced consulting environment.

• Communication: Strong client-facing soft skills; able to present complex risk data clearly to senior stakeholders.

• Education: Diploma or Degree in IT, Cybersecurity, or a related field.

• Security Clearance: Due to the nature of specific project assignments, the ability to attain a high-level security clearance is required.

Preferred Qualifications:

• Professional certifications: ISO 27001 Lead Implementer/Auditor, CISA, CISSP, CISM, or CRISC.

• Familiarity with Cloud Security and Personal Data Protection (PDPA).
  

  Next Step:

  Please submit your updated resume in MS Word format by clicking the QUICK APPLY button.

  Only shortlisted applicants will be contacted. By submitting your application, you agree and consent to GYK TalenSync Pte Ltd and its related entities collecting, using, and/or disclosing your personal data to relevant third parties, where necessary, for purposes including job application processing, career guidance, research, and other administrative matters, in accordance with our Privacy Policy at www.gykco.com
  

  Gabriel Pang

  Registration Number: 22105639

  GYK TalenSync Pte Ltd

  EA License No: 23C1806