Cybersecurity Risk & Governance Lead (JD#10785)

SCIENTE INTERNATIONAL PTE. LTD.
Singapore | 10+ years | Posted Jan 19, 2026

Salary Range

SGD 180,000 - SGD 204,000 /year

SGD 15,000 - SGD 17,000/month

Skills Required

Information Security, Security Architecture, Security Governance, Risk Assessment, Critical Thinking, Translating, ISO, Supply Chain, Risk Management, Threat Intelligence, Presentation Skills, Web Applications, IT Management, Stakeholder Management, CISSP

Job Description

Job Summary

We are seeking a Lead / Senior Cybersecurity Governance Specialist to join the CISO Office, responsible for shaping and driving enterprise-wide cybersecurity governance, risk management, and security architecture standards across a large, complex organisation.

Mandatory Skill-set

  • 10–12 years of experience in Cybersecurity GRC, Information Security Risk Management, or Security Architecture, with exposure to large, complex enterprise environments;
  • Proven ability to manage cybersecurity risks across enterprise IT, cloud platforms, and large-scale digital systems;
  • Must have strong knowledge of security governance frameworks, including Singapore Government policies (e.g., IM on IT Management), NIST, and ISO 27001;
  • Must have strong expertise in risk assessment methodologies (e.g., TVRA) and translating technical vulnerabilities into business risk;
  • Deep understanding of Zero Trust Architecture (ZTA) and modern cybersecurity technologies such as Firewalls, EDR, IAM, SIEM, CSPM, CWPP, CASB, and secrets management;
  • Ability to map defensive controls to the MITRE ATT&CK framework, with solid understanding of offensive security concepts and threat actor TTPs;
  • Excellent stakeholder management, communication, and presentation skills, with the ability to influence senior leadership;
  • Strong analytical and critical thinking skills to identify systemic security issues and drive continuous improvement.

Desired Skill-set

  • Exposure to Operational Technology (OT) and Industrial Control Systems (ICS) security environments;
  • Hands-on experience with manual and automated security testing and assessment tools;
  • Professional cybersecurity certifications such as CISM, CRISC, CISSP, OSWE, with OSCP as a good-to-have;
  • Experience working within large-scale government, regulated, or critical infrastructure environments;
  • Familiarity with advanced threat intelligence, attack simulation, and adversary emulation concepts.

Responsibilities

  • Establish and maintain organisation-wide cybersecurity risk registers as living artefacts reflecting real-time threats and project risks;
  • Lead and facilitate risk discussions with senior management, CIOs, and agency leaders, translating technical risks into business and operational impact;
  • Develop and implement consistent risk analysis frameworks that enable informed risk-taking and innovation;
  • Embed cybersecurity risk management across the full system lifecycle, from design to deployment and operations;
  • Define and govern unified Threat Risk Assessment (TRA) standards across cloud, web applications, and OT/ICS environments;
  • Establish SOPs for Crown Jewel identification, critical information asset classification, and comprehensive threat modelling;
  • Standardise and govern security controls to ensure technical effectiveness beyond baseline compliance;
  • Lead the development and execution of a Zero Trust Architecture (ZTA) roadmap, including identity-based security and micro-segmentation;
  • Provide security architecture and GRC advisory for high-impact and critical digital systems;
  • Evaluate and govern security technologies to ensure continued effectiveness against evolving threats;
  • Establish and manage third-party and software supply chain risk management frameworks;
  • Define standards to assess vendor cyber resilience and manage risks from open-source and third-party dependencies;
  • Drive continuous audit readiness, oversee closure of audit findings, and ensure root-cause remediation;
  • Analyse audit trends to identify systemic security weaknesses and implement proactive improvements;
  • Partner with CIOs, CISOs, and project owners to build a proactive, risk-informed security culture;
  • Track evolving threat actor TTPs and emerging technologies, periodically reviewing the effectiveness of security controls.

Should you be interested in this career opportunity, please send in your updated resume to [email protected] at the earliest.

When you apply, you voluntarily consent to the disclosure, collection and use of your personal data for employment/recruitment and related purposes in accordance with the SCIENTE Group Privacy Policy, a copy of which is published at SCIENTE’s website (https://www.sciente.com/privacy-policy).

Confidentiality is assured, and only shortlisted candidates will be notified for interviews.

EA Licence No. 07C5639