Cyber Security Engineer - GRC (Perm)

e are looking for a Cybersecurity Engineer to take full ownership of the organisation’s security function in a MAS-regulated environment. This is a hands-on, individual contributor role for someone who can operate independently across the full cybersecurity spectrum — from governance, risk, and compliance to technical implementation, monitoring, and incident response.

You will work closely with the Head of Technology and a lean technology team managing CRM, cloud infrastructure, SAP, and end-user environments, ensuring the organisation maintains strong security practices aligned with regulatory requirements and industry standards.

Key Responsibilities

Governance, Risk & Compliance

• Develop and maintain cybersecurity policies, standards, and procedures aligned with MAS Technology Risk Management Guidelines
• Conduct periodic risk assessments and maintain the technology risk register
• Ensure compliance with Personal Data Protection Act (PDPA), including data protection impact assessments

Security Operations & Monitoring

• Implement and manage security monitoring across cloud infrastructure, CRM systems, endpoints, and network environments
• Monitor, investigate, and respond to security alerts and incidents
• Manage endpoint detection & response (EDR), email security, DNS filtering, and firewall rules
• Conduct vulnerability scanning and coordinate patch management
• Manage identity and access management (IAM), including MFA and privileged access reviews

Technical Security

• Secure and harden cloud environments including Microsoft Azure services (App Services, Storage, Networking)
• Review security configurations and third-party integrations, APIs, and external partners
• Manage SSL/TLS certificates, encryption standards, and secure data transmission
• Support secure development practices and review systems for security vulnerabilities

Security Awareness & Culture

• Deliver security awareness training across the organisation
• Conduct phishing simulation exercises and track improvement metrics
• Serve as the internal advisor for cybersecurity-related queries

Requirements

Essential

• 3–5 years of hands-on cybersecurity experience
• Exposure to regulated environments such as financial services, insurance, or similar
• Working knowledge of MAS TRM Guidelines and PDPA requirements
• Practical experience with Azure security tools such as Microsoft Defender for Cloud and Microsoft Entra ID
• Experience with endpoint protection, SIEM/log management, and vulnerability management tools
• Ability to work independently and manage the full security lifecycle
• Strong documentation skills for policies, risk assessments, and compliance reporting

Preferred

• Relevant certifications such as CompTIA Security+, Certified Ethical Hacker, CISSP, CISM, or Microsoft security certifications.

Interested candidate who wish to apply for the advertised position, please click “Apply”. We regret that only shortlisted candidates will be notified

EA License No.: 01C4394 (PERSOL Singapore Pte Ltd)

By sending us your personal data and curriculum vitae (CV), you are deemed to consent to PERSOL Singapore Pte Ltd and its affiliates to collect, use and disclose your personal data for the purposes set out in the Privacy Policy available at https://www.persolsingapore.com/policies. You acknowledge that you have read, understood, and agree with the Privacy Policy.