Senior Consultant - Governance, Risk and Compliance (GRC) Advisory

Company Description

NCS is a leading technology services firm that operates across the Asia Pacific region in over 20 cities, providing consulting, digital services, technology solutions, and more. We believe in harnessing the power of technology to achieve extraordinary things, creating lasting value and impact for our communities, partners, and people. Our diverse workforce of 13,000 has delivered large-scale, mission-critical, and multi-platform projects for governments and enterprises in Singapore and the APAC region. 

Job Description

We’re searching for a Senior Consultant, Governance, Risk and Compliance (GRC) Advisory to be part of our diverse team of talents here at NCS!

If you believe in going above and beyond, want to exemplify the best, and wish to bring people and technology together like never before, then we would love to have a conversation with you!

Overview

To be part of our Cyber Business Solutions & Services (CBSS) Team, provide consultancy and advisory services on information security governance, audit, risk, and compliance for our clients in the public and private sectors.

What we seek to accomplish together:

• Conduct information security risk assessments, compliance reviews and/or audits on client’s systems, which include IT and/or OT infrastructure and applications
• Develop and review client’s information security framework and policies
• Work with internal and external stakeholders to deliver consultancy and advisory services
• Manage multiple projects to ensure that services are completed in a timely manner
• Evaluate applicable changes on standards, polices, directives and guidelines from the Client and disseminate to project teams for adherence.
• Conduct Annual Self Attestation for project teams to gather compliance posture, track remediation to closure and provide timely updates to Client.
• Plan and conduct Independent Reviews (IT process audits) on selected Applications/ Infrastructure with approval from Client to undercover gaps, improvement areas with the inclusion of tracking & reporting of remediation status to closure.
• Conduct quarterly briefing sessions to project teams on frequently used policies/ directives and common observations/improvement area from audits to enhance compliance and create awareness.
• Provide consultation to project teams on queries related to standards/ policies/ directives.
• Provide advisory and QA to project teams and stakeholders on their responses, evidence, remediation plan to auditors or compliance related declarations during external audit exercise.
• Propose and implement improvement initiatives to enhance audit processes and compliance readiness.

Qualifications

• Bachelor’s degree in Information Systems, Computer Science, Engineering or equivalent
• Minimum of 5 years working in areas of information security governance, risk management, and audit; experience in other areas of cybersecurity will be considered
• Experience in Singapore based Government projects will have an added advantage
• Knowledge of
  • Information security standards and frameworks such as ISO 27001/2, MAS TRM, NIST CSF, GovTech IM8, and CIS Controls
  • Security technologies and operations
  • GRC tools (ServiceNow IRM, RSA Archer)
• Preferable to be certified in CISSP, CISM, CISA, CRISC, ISMS Lead Auditor, ServiceNow IRM, COBIT, ITIL
• Team player with interpersonal skills
• Excellent in oral and written communication