Cybersecurity GRC Consultant

Company:

Sopra Steria is a listed European tech leader specializes in Consulting, Digital Service, and Software. We have 60,000 employees worldwide located in different regions (Europe, North America and Asia), whereby Singapore is the HQ for APAC. EvaGroup Asia Pacific is part of Sopra Steria I2S APAC, in charge of Infrastructure, Cloud and Cybersecurity services.

Descriptions:

In this role, you will join a team of six members from Sopra Steria to support one of our government project. The scope of work includes:

1. Security Risk Assessment

2. Security Policies, Standards, Guidelines, And Procedures Review

3. Security Design

4. Application Security

5. Vulnerability assessment and

6. System Security Acceptance Testing

You will be an expert in the field of Governance, Risk Assessment, and Compliance.

Responsibilities:

• Conduct information security risk assessments, compliance reviews and/or audits on client’s systems, which include IT and/or OT infrastructure and applications
• Develop and review client’s information security framework and policies
• Work with internal and external stakeholders to deliver consultancy and advisory services
• Provide subject matter advice to internal stakeholders on cyber security requirements that the organisation is required to comply with, including internal policies and standards.
• Participate in consultation and conduct gap analysis against new or revised requirements.
• Follow up on remediation actions, security and risk assessments with respective stakeholders.
• Present management reporting to stakeholders, with analysis of data and trends, and recommend next steps.

Requirements

• Bachelor's Degree in Cybersecurity, Information Technology or equivalent
• At least 3 years relevant experience in ICT cybersecurity, audit management, governance, risk and compliance management
• Proven experience in establishing and optimizing governance frameworks within public and private cloud environments (e.g., AWS, Azure, Google Cloud). Ability to design policies and procedures that ensure effective cloud resource management, cost control, and operational efficiency.
• Relevant certifications in IT governance, IT audit, cyber or data security (e.g. CISSP, CISM, CISA, etc.) preferred
• Information security standards and frameworks such as ISO 27001/2, MAS TRM, NIST CSF, GovTech IM8, and CIS Controls
• Technical knowledge of security vulnerabilities, validation of remediations and risk assessments
• Ability to work with cross-functional, multi-disciplined team
• Excellent in oral and written communication

Benefits

• Regular team buildings
• 18 leave days / year
• Insurance: GP, Hospitalisation, Dental and Optical
• Annual bonus
• Working hours: from 8:30am to 6pm, Monday to Friday
• Training and certifications paths