Information Security Governance, Risk and

1 day ago


Singapore FCM Full time

**Job no**: 511715
**Brand**: FCM
**Work type**: Full time
**Location**: Singapore
**Categories**: Information & Technology

**The GRC Security Analyst Singapore** will plan and implement policies, procedures, standards, and controls to govern the protection of the company’s information systems, networks, and data. The GRC security analyst will stay up to date on the latest cybersecurity intelligence to modify standards and controls that govern cybersecurity across the corporation and to oversee effective system-wide security analysis; intrusion detection; standards and testing; risk assessment; awareness and development of policies, standards, and guidelines.

The GRC Security Analyst will be responsible for updating and managing the security policy framework and relevant standards; overseeing applicable security, privacy, contractual and compliance requirements (i.e., ISO27001, Payment Act, PDPA, PCI-DSS, AML/KYC, MAS TRM and local privacy laws) through strategy development, controls definition and assessment and process oversight.

The purpose of this position is to provide highly skilled technical and information security expertise for development and implementation of the information security risk management program, as well as handling compliance and security requests coming from the business and customers (e.g. RFP, incidents, communication).

The GRC Security Analyst updates and maintains control matrices and spreadsheets and provides recommendations for management’s consideration. The incumbent works with internal, regional, and global teams and external providers to provide supporting documentation as applicable.

**Key Responsibilities**
- Establish policies, processes, and procedures in line with local and international regulations
- Implements security controls, risk assessment framework, and program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances Company business objectives.
- Implements processes, such as GRC (governance, risk and compliance), to automate and continuously monitor information security controls, exceptions, risks, testing. Develops reporting metrics, dashboards, and evidence artifacts to bring visibility and transparency.
- Updates security controls and provides support to all stakeholders on security controls covering internal assessments, regulations, protecting Privacy data, and Payment Card Industry Data Security Standards (PCI DSS).
- Verify the security compliance posture against the regulations and standards and derive a security implementation plan for remediation
- Liaise with all departments to identify, track, and provide remediation guidance for new projects, services and/or third-party contracts in terms of information security assurance
- Oversee third party assessment standards and privileged user monitoring as a check on critical system access
- Establish and oversee formal vulnerability management, penetration testing and security posture assessment programs
- Oversees and improves execution of the Disaster Recovery Plan and BCP and the backup/restore policy (metrics, dashboard) in collaboration with ISS & IT Ops teams.
- Trains, guides, and acts as a resource on security assessment functions to other departments within the Company

**Key Competencies and Skills**
- Minimum 5 years working experience in IT/IS/Audit/Business/Technology
- 5 years of experience in security governance, risk, and compliance management
- Experience in large scale audit or governance projects
- Strong knowledge of current and emerging cyber security risks, and innovative risk management methods and solutions
- Ability to collaboratively develop a risk strategy in conjunction with stakeholders
- Strong analytical thinking, written, and oral communication and presentation skills
- Broad understanding of security and privacy concepts
- Ability to adapt and embrace change in a fast-paced, changing environment
- Ability to effectively communicate and relate to all levels of the organization
- Able to understand contracts and technical documentation and to assess them for consistency and alignment with processes and controls outlined in requirements and audit materials
- Excellent communication skills at all levels and ability to adapt style to suit audience
- Industry recognized certification in security (e.g., CISSP, CISA, CISM, CEH, etc.) is preferred


