GRC Consultant

softScheck Singapore Pte Ltd, Singapore


Job Description

We are seeking a GRC Consultant to join our GRC consulting practice. In this client-facing role, you will lead end-to-end GRC consulting engagements — guiding clients through the scoping, implementation, and certification of frameworks such as ISO 27001, Cyber Trust Mark, NIST CSF, SOC 2, and other regulatory standards. You will serve as the primary point of contact for clients, managing project delivery and building long-term advisory relationships across multiple industries.

 

KEY RESPONSIBILITIES

  • Lead end-to-end GRC consulting engagements for clients across multiple industries, from scoping through to certification or sign-off
  • Serve as primary client relationship manager, managing expectations, timelines, and deliverables across concurrent projects
  • Conduct gap analyses and readiness assessments for frameworks including ISO 27001, BNM RMiT, PDPA Assessment, SOC 2 Type II, NIST CSF
  • Perform system architecture reviews and threat modelling
  • Conduct tabletop exercises and security awareness trainings
  • Guide clients through the full ISO 27001 certification lifecycle: scoping, ISMS design, risk assessment, control implementation, internal audit, and certification audit support
  • Support clients pursuing Singapore's Cyber Trust Mark and Cyber Essentials certifications, including assessment preparation and remediation advisory
  • Develop client-facing deliverables: gap assessment reports, risk registers, ISMS documentation, policies, procedures, and remediation roadmaps
  • Facilitate client workshops, interviews, and walkthroughs with stakeholders across technical and business teams
  • Mentor junior consultants on project delivery, client interaction, and technical GRC content
  • Contribute to the development of internal methodologies, templates, and service offerings

 

Job Requirements

Education

  • Bachelor's degree in Information Security, Computer Science, or a related field
  • Master's degree or postgraduate qualification in Risk, Compliance, or Cybersecurity is advantageous

 

Experience

  • 2–4 years of working experience in technology, cybersecurity, IT audit, risk, compliance, or related functions
  • Keen interest in developing a career in Governance, Risk and Compliance (GRC) and cybersecurity advisory/consulting
  • Exposure to information security standards or frameworks such as ISO 27001, Cyber Essentials, or Cyber Trust Mark would be advantageous
  • Ability to manage multiple projects and stakeholders in a fast-paced environment
  • Strong analytical, communication, and problem-solving skills
  • Prior exposure to industries such as financial services, healthcare, government, or technology would be an added advantage
  • Willingness to learn, undergo structured training, and develop competencies in cybersecurity governance and compliance

 

Certifications (Preferred)

  • CISSP – Certified Information Systems Security Professional
  • ISO 27001 Lead Auditor / Lead Implementer
  • CISA – Certified Information Systems Auditor
  • CISM – Certified Information Security Manager
  • AWS Related Certifications
  • Azure Related Certifications

 

SKILLS & COMPETENCIES

  • Deep working knowledge of ISO 27001, BNM RMiT, PDPA Assessment, SOC 2 Type II, NIST CSF, and related standards
  • Experience in performing system architecture reviews and threat modelling
  • Experience in conducting tabletop exercises and security awareness trainings
  • Strong client management skills — able to build trust, communicate clearly, and manage difficult conversations
  • Excellent written communication: proficient in producing professional reports, policies, and executive presentations
  • Ability to translate complex technical GRC requirements into business-friendly language for non-technical clients
  • Experience facilitating workshops and training sessions for diverse stakeholder groups
  • Strong project management discipline — able to handle multiple engagements with competing deadlines
  • Comfortable working independently on client sites and representing the firm professionally

 

WHAT WE OFFER

  • Competitive salary with performance-based bonus
  • Medical and dental coverage
  • Professional development budget and certification support
  • Flexible hybrid work arrangement
  • Collaborative and growth-oriented team environment

Skills Requirements

grc cyber governance certified information systems security professional (cissp) information security security analysis

Job Overview

  • Job Type: Full Time
  • Industry: Information Technology and Services
  • Job Category: Consulting
  • Min Qualification: Bachelor's Degree

Career Conversion Programme

CCP for ICT Professionals (Cybersecurity) - SGTech
