IT Security Practice Manager (GRC)

NCS is a leading technology services firm that operates across the Asia Pacific region in over 20 cities, providing consulting, digital services, technology solutions, and more. We believe in harnessing the power of technology to achieve extraordinary things, creating lasting value and impact for our communities, partners, and people. Our diverse workforce of 13,000 has delivered large-scale, mission-critical, and multi-platform projects for governments and enterprises in Singapore and the APAC region. 

We’re searching for a IT Security Practice Manager (GRC) to be part of our diverse team of talents here at NCS!

If you believe in going above and beyond, want to exemplify the best, and wish to bring people and technology together like never before, then we would love to have a conversation with you!

Overview

We are seeking a highly skilled Senior IT Security Practitioner with expertise in Governance, Risk, and Compliance (GRC) to join our growing IT Security team. The ideal candidate will have extensive experience and knowledge in information security governance frameworks, risk management processes, and compliance with industry regulations. This individual will be responsible for developing security policies and procedure, controls, and practices to ensure the confidentiality, integrity, and availability of our client environment.

What we seek to accomplish together:

Governance:

• Develop and maintain IT security governance framework, ensuring alignment with business objectives and compliance requirements.
• Create, implement, and manage security policies, standards, and procedures in line with industry best practices and regulatory requirements.
• Oversee the development and execution of a comprehensive security governance strategy, ensuring effective risk management and protection of organizational assets.

Risk Management:

• Lead risk assessments and evaluations to identify, assess, and mitigate security risks across the organization’s IT systems and infrastructure.
• Conduct security risk assessments (including threat modeling, vulnerability assessments, and penetration testing) and provide actionable recommendations for risk mitigation.
• Establish and manage risk management processes, including the identification of key risks, implementation of risk treatments, and continuous risk monitoring.
• Collaborate with other business units to assess and manage third-party risks and vendor security.

Compliance:

• Ensure ongoing compliance with relevant laws, regulations, and industry standards by conducting periodic audits and assessments.
• Stay current on industry regulations and standards related to cybersecurity and IT security and provide guidance on compliance requirements.
• Assist with internal and external audits, managing the preparation of audit evidence, and tracking remediation efforts.
• Work with legal, privacy, and compliance teams to interpret regulatory changes and develop corresponding policy updates.

Leadership & Strategy:

• Mentor and guide junior staff members in the areas of GRC, providing expertise and training on security frameworks, risk management, and compliance processes.
• Support strategic decision-making by providing insight into security risks, compliance trends, and governance challenges.
• Lead or participate in cross-functional projects aimed at improving the organization's security posture.

Continuous Improvement:

• Continuously monitor and evaluate the effectiveness of the organization’s GRC program, recommending improvements and adjustments where necessary.
• Stay abreast of emerging threats, technologies, and trends in the cybersecurity landscape to inform governance, risk, and compliance strategies.
• 
   

A little bit about you:

• Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or related field.
• 10+ years of experience in IT security, with a focus on Governance, Risk, and Compliance.
• Experience working with security frameworks such as NIST CSF, ISO 27001, COBIT, and/or ITIL.
• Strong understanding of regulatory requirements
• Previous experience in a senior role overseeing governance, risk, and compliance activities.
• Preferably certified in CISSP / CISM / CRISC / CISA / ISO 27001 Lead Implementer / Auditor / GIAC GRC etc.
• Deep knowledge of security technologies and practices
• Deep knowledge with risk management tools and GRC platforms
• Knowledge of IT and information security controls, threat management, and vulnerability management.
• Strong understanding of cloud security, data protection, and incident management.
• Experience with security audit and compliance tools, and ability to interpret audit reports.

We are driven by our AEIOU beliefs—Adventure, Excellence, Integrity, Ownership, and Unity—and we seek individuals who embody these values in both their professional and personal lives. We are committed to our Impact: Valuing our clients, Growing our people, and Creating our future.  

Together, we make the extraordinary happen.  

Learn more about us at ncs.co and visit our LinkedIn career site. 

We handle all profiles with the highest level of confidentiality.