382 Governance Risk Compliance jobs in Singapore

Manager & Senior Consultant (Governance, Risk & Compliance)

Singapore, Singapore Wizlynx Malaysia Sdn Bhd

Posted today

Job Description

full-time

Job Summary and Mission
This position contributes to the success of wizlynx group by performing the following:
Oversee the GRC teams' day-to-day operations, which include Singapore, Malaysia and Hong Kong, during the Asia-Pacific time zone
Develop, drive and own Information Security Governance, Risk and Compliance practice
Responsible for the business development and presales activities
Meet clients to pitch GRC services alongside Sales
Responsible for the examination and analysis of internal controls and business risks by performing IT audit work, developing audit scope, procedures, and preparing audit reports for clients
Lead and be responsible for development and operational activities across the entire scope of our clients' Security Governance, Risk and Compliance programs.
The job encompasses leading and participating in the assessment of security, risks, and control effectiveness for applications, infrastructure, and technology projects. This consultant will identify, classify, and document control issues in our clients' computing environment by documenting assessment results, recommending corrective action, tracking remediation, evaluating policy and control standard exceptions, and regularly reporting to our clients' IT management.
Serve as the primary contact point for issue escalation for GRC services
Manage service support requirements and ensure that quality plan, KPIs/SLAs are met
Draft support SOP and documentation
Model and act in accordance with wizlynx group guiding principles
Summary of Key Responsibilities
Responsibilities may include the following, but are not limited to:
Lead IT control assessments for our clients to ensure effective IT controls are in place to meet operational and compliance requirements
Work with our clients’ IT, Internal Audit, Compliance and other key stakeholders to create an IT GRC strategy that complies with professional standards and addresses the IT risks inherent in our client’s operations and industry
Perform ongoing logical access reviews and recommend updates to access control privileges to ensure proper Segregation of Duties based on user access reviews
Effectively report and communicate testing results to client’s IT management for corrective action, where required
Proactively identify other areas of business initiatives and changes in the business environment and assess their impact on the business control environment
Conduct information security awareness training
Perform evidence collection and project management assistance for our clients' annual compliance (e.g. ISO 27001) certification program
Track and monitor risk exceptions to ensure control deviations are identified and mitigating controls are in place
Assist our clients with drafting and maintaining information security policies
Provide mentoring for other team members
Demonstrate excellent project management skills, inspire teamwork and responsibility with engagement team members, and use current technology/tools to enhance the effectiveness of deliverables and services
Facilitate the performance and testing of our client’s annual disaster recovery tests and business continuity plans
Summary of Ideal Experience, Skills, Knowledge, and Abilities
A minimum of five years of experience in information security audit or in a technology-related audit or compliance field, and strong knowledge base in operations, enterprise networking, system evaluation/architecture and consulting experience preferred
Ideal Experience
A minimum of five years of experience in information security or in a technology-related field, and strong knowledge base in operations, enterprise networking, system evaluation/architecture and consulting experience preferred
Strong understanding of and ability to provide security configuration and testing of networking and operating systems, including Cloud architecture, and a wide array of large-scale environments including various major web application servers
Strong understanding of information security principles such as ISO 27001, CSA Cyber Security Code of Practice, Secure-by-Design, MAS TRM Guidelines, HKMA CRAF and PDPA is desirable
Knowledge in NIST Cyber Security framework or CIS Controls will be desirable
Sound knowledge of internal control concepts and auditing techniques
Strong analytical and report writing skills
Good appreciation of fundamental accounting knowledge and/or audit knowledge and financial controls
Language Skills
Fluent technical English (speech and writing)
Ability to communicate clearly and concisely, both orally and in writing, in local language
Soft Skills
Excellent team leadership, team-oriented and team player who takes ownership
Flexible attitude, reliable, action-oriented
Customer-friendly approach and appearance
Willingness to travel
Innovative to push new ideas, dynamic and forward-looking with clear management principle towards the team
Able to work independently, critical thinking and be able to communicate effectively with the support team and customers
Enjoys working in global team with different cultures
Technical Skills and Abilities
Microsoft OS and Office knowledge
Technical document writing
Experience in Project Management in IT
Knowledge in perimeter firewall infrastructure and VPN remote access
Summary of Education
Bachelor's degree from an accredited college/university in an appropriate field
Certifications / Training
CISM, CISA, CRISC, CISSP certified
ISO 27001 Lead Auditor certification is preferred
KEY PERFORMANCE INDICATORS / MEASURES OF SUCCESS
Achieve agreed targets/SLA/KPI in terms of quality, time and cost
Lead team members to achieve team/organizational goals
Improve and retain high customer satisfaction
POTENTIAL CAREER DEVELOPMENT
Advance to higher business development tiers or geographic reach

Governance, Risk and Compliance

$40000 - $60000 Y NETS

Posted today

Job Description

The NETS Group is a leading payments services group, enabling digital payments for merchants, consumers and banks across the entire payments value chain. 

The Group operates Singapore's national debit scheme enabling customers of DBS Bank/POSB, HSBC, Maybank, OCBC Bank, Standard Chartered Bank and UOB to make payments using their ATM cards or mobile devices at more than 130,000 acceptance points in the country as well as online payments.

We are looking for a motivated Intern to help with cybersecurity efforts, focusing on vulnerability management and process improvements. This internship offers opportunities to gain hands-on experience in a dynamic environment, working with experienced professionals.

Key Responsibilities

  • Conduct reviews of Information Security processes, such as Patch Management and Open-Source Vulnerability Management, across organisational technology systems.

  • Collaborate with cross-functional teams to identify, prioritise, and remediate vulnerabilities on various production system platforms.
  • Monitor vulnerability remediation progress, ensuring timely resolution of security issues and verifying the effectiveness of corrective actions.
  • Assist in security risk assessments and report creation.
  • Contribute to process improvements, policy updates, and compliance requirements to enhance the organisation's overall Information Security posture.
  • Participate in security-related projects, including audits and policy updates.
  • Communicate technical issues to diverse stakeholders, bridging the gap between technical and non-technical teams.

Requirements


•    Currently pursuing a Bachelor's degree in Computer Science, Information Systems, IT Security, or a related field.

•    A strong interest in Information Security and a desire to learn more about the field.

•    Good communication and teamwork skills.

•    Self-motivated and able to take initiative.

•    Self-motivated and independent, able to manage workloads effectively and meet deadlines

Network for Electronic Transfers (Singapore) Pte Ltd.

Senior Security Consultant - IT Governance, Risk, Compliance and Enterprise Security Architect

Singapore, Singapore LANTU EMPLOYMENT AGENCY PTE. LTD.

Posted today

Job Description

Role Description
We are seeking an experienced Senior/Lead Consultant specializing in IT Governance, Risk, and Compliance (GRC) to join our team. In this hybrid role, you will manage and oversee IT GRC activities, ensuring alignment with industry standards and regulatory requirements. Your expertise will contribute to building secure, compliant, and resilient IT systems.
Key Responsibilities
Governance, Risk, and Compliance
Conduct comprehensive risk assessments and identify potential vulnerabilities.
Develop and implement IT policies, procedures, and risk mitigation strategies.
Provide expert guidance on regulatory compliance and industry best practices.
Project Lifecycle Involvement
Interpret and define security requirements for IT systems.
Design and implement robust system security architectures.
Evaluate risks from deviations and non‐compliance issues, recommending solutions.
Support security acceptance testing and continuous security assessments.
The Candidate shall possess the following professional qualification and experience:
a. minimum six (6) years of experience in designing, implementing and testing system security architecture of similar scale; OR
b. minimum two (2) years of experience in designing, implementing and testing system security architecture of similar scale – plus having attained at least one (1) of the following:
i. Information Security Masters degree from U.S. National Centres of Academic Excellence in Cyber Defence (NSA/DHS CAE) or those certified by U.K. National Cyber Security Centre (GCHQ’s NCSC); or
ii. CREST Registered Technical Security Architect (CRTSA); or
iii. Information Systems Security Architecture Professional (CISSP‐ISSAP).
Minimum Qualifications
Strong knowledge of IT governance, risk management, and compliance frameworks
Experience in conducting risk assessments and developing risk mitigation strategies
Experience in Network and System Security Engineering and Enterprise Security Architectural Design
Familiar with relevant regulatory requirements and industry standards
Excellent problem‐solving and analytical skills
Strong communication and interpersonal skills
Ability to work independently and collaboratively in teams
Certifications such as CISSP and CRISC are highly preferred
Minimum of 5 years of experience in IT governance, risk, and compliance roles
Bachelor's or master's degree in IT, Computer Science, or a related field
Security clearance (CAT 1 or 2) required for government project

Senior Security Consultant - IT Governance, Risk, Compliance and Enterprise Security Architect

$7500 Monthly LANTU EMPLOYMENT AGENCY PTE. LTD.

Posted 9 days ago

Job Description

Role Description


We are seeking an experienced Senior/Lead Consultant specialising in IT Governance, Risk, and Compliance (GRC) to join our team. In this hybrid role, you will manage and oversee IT GRC activities, ensuring alignment with industry standards and regulatory requirements. Your expertise will contribute to building secure, compliant, and resilient IT systems.


Key Responsibilities:


1. Governance, Risk, and Compliance:

  • Conduct comprehensive risk assessments and identify potential vulnerabilities.
  • Develop and implement IT policies, procedures, and risk mitigation strategies.
  • Provide expert guidance on regulatory compliance and industry best practices.

2. Project Lifecycle Involvement:

  • Interpret and define security requirements for IT systems.
  • Design and implement robust system security architectures.
  • Evaluate risks from deviations and non-compliance issues, recommending solutions.
  • Support security acceptance testing and continuous security assessments.

The Candidate shall possess the following professional qualification and experience:

a. minimum six (6) years of experience in designing, implementing and testing system security architecture of similar scale; OR

b. minimum two (2) years of experience in designing, implementing and testing system security architecture of similar scale – plus having attained at least one (1) of the following:

i. Information Security Masters degree from U.S. National Centres of Academic Excellence in Cyber Defence (NSA/DHS CAE) or those certified by U.K. National Cyber Security Centre (GCHQ’s NCSC); or

ii. CREST Registered Technical Security Architect (CRTSA); or

iii. Information Systems Security Architecture Professional (CISSP-ISSAP).


Minimum Qualifications

  • Strong knowledge of IT governance, risk management, and compliance frameworks
  • Experience in conducting risk assessments and developing risk mitigation strategies
  • Experience in Network and System Security Engineering and Enterprise Security Architectural Design
  • Familiar with relevant regulatory requirements and industry standards
  • Excellent problem-solving and analytical skills
  • Strong communication and interpersonal skills
  • Ability to work independently and collaboratively in teams
  • Certifications such as CISSP and CRISC are highly preferred
  • Minimum of 5 years of experience in IT governance, risk, and compliance roles
  • Bachelor's or master's degree in IT, Computer Science, or a related field
  • Security clearance (CAT 1 or 2) required for government project

IT Governance, Risk and Compliance

Singapore, Singapore $104000 - $130878 Y METAVERSE CLOUD SOLUTION PTE. LTD.

Posted today

Job Description

Job Scope:

We are seeking a skilled Governance, Risk and Security Compliance Specialist to ensure our organization's compliance with regulatory requirements, industry standards, and internal security policies. The candidate will be responsible for designing, implementing, and maintaining compliance frameworks while supporting security awareness across the company.

Key Responsibilities:

1. Regulatory & Framework Compliance

  • Lead and maintain compliance with DORA (Digital Operational Resilience Act), ensuring IT and operational resilience measures meet regulatory requirements.
  • Ensure compliance with VARA (Virtual Assets Regulatory Authority) frameworks for virtual asset and digital financial services.
  • Drive compliance initiatives for GDPR, including data protection impact assessments, data handling practices, and privacy-by-design principles.
  • Manage and maintain ISO 27001 Information Security Management System (ISMS), including documentation, risk assessments, and internal/external audit preparations.

2. Security Awareness

  • Develop, deliver, and track security awareness programs to build a security-first culture.
  • Conduct phishing simulations, training sessions, and employee awareness campaigns to ensure strong adoption of best practices.

3. Audit & Risk Management

  • Coordinate with auditors and regulators for compliance reviews and assessments.
  • Identify and mitigate compliance gaps, security risks, and process weaknesses.
  • Maintain up-to-date knowledge of evolving regulations and ensure timely implementation of new requirements

4. Collaboration & Advisory

  • Work closely with IT, Legal, Risk, and Business teams to embed compliance requirements into processes and systems.
  • Provide guidance on secure and compliant business practices for new projects and technologies.
  • Supporting external audits including ISMS audits

Requirements:

  • Bachelor's degree in Information Security, Computer Science, or related field.
  • Proven experience in regulatory compliance (DORA, GDPR, VARA) and ISO 27001 management.
  • Strong understanding of information security frameworks and risk management practices.
  • Experience in designing and conducting security awareness programs.
  • Excellent communication, documentation, and stakeholder management skills.
  • Professional certifications such as CISM, CISSP, ISO 27001 Lead Implementer/Auditor, or CISA are a plus

Job Type: Full-time

Benefits:

  • Dental insurance
  • Health insurance

Governance, Risk and Compliance Specialist

Singapore, Singapore AvePoint

Posted today

Job Description

Governance, Risk and Compliance Specialist
About AvePoint
Securing the Future. AvePoint is a global leader in data management and data governance, and over 21,000 customers worldwide rely on our solutions to modernize the digital workplace across Microsoft, Google, Salesforce and other collaboration environments. AvePoint’s global channel partner program includes over 3,500 managed service providers, value added resellers and systems integrators, with our solutions available in more than 100 cloud marketplaces. To learn more, visit
.
About The Role
As a Governance, Risk and Compliance Specialist in the Cybersecurity (CySD) Division’s Security Governance & Compliance (SGC) team, you will be a subject matter expert advising internal stakeholders on cybersecurity compliance requirements. You will be working closely with application teams and line 2.
Your Scope Of Work Includes
Writing internal cybersecurity policies and processes;
Ascertain security compliance;
Support IT / cyber security audits;
Tracking and reporting of cyber risks.
Key Responsibilities
Develop the culture of cyber security governance and risk management across the organisation, and ensure proper accountability in the management, tracking and reporting of cyber risks.
Provide subject matter advice to internal stakeholders on cyber security requirements that the Authority is required to comply with, including internal policies and standards, as well as policies and standards from GovTech and Cyber Security Agency of Singapore.
Review and establish ICT policies and processes controls, and conduct compliance checks.
Support the CIO and CISO, and work with internal stakeholders to:
Track and monitor cyber security initiatives to meet compliance requirements.
Participate in consultation and conduct gap analysis against new requirements.
Assess and seek waiver approvals for deviations and dispensations.
Coordinate and facilitate IT / cyber security audits.
Track remediation plans to address audit findings.
The Ideal Candidate Has
Working experience in IT Governance, IT Audit, Cyber security or related field.
Relevant certifications in IT governance, IT audit, cyber or data security (e.g. CISSP, CISM, CISA, CGEIT, etc.) preferred.
Ability to work with cross-functional, multi-disciplined team to institute and monitor security policies and procedures.
Knowledge of Instruction Manual 8 and CSA Cybersecurity Code of Practice preferred.
AvePoint is proud to employ talent from many different backgrounds, experiences, and identities. We believe that diversity and inclusion drives our success and is at the core of how we hire, communicate, and collaborate to deliver value and excellence. We are committed to fostering an environment where people can bring their whole selves to work and feel a sense of belonging, and we continue to work toward creating a workforce that represents the diversity of our customers and communities.
Any personal data you share with us during the application process will be processed strictly in compliance with applicable data protection laws and our Privacy Notice.
Seniority level
Entry level
Employment type
Full-time
Job function
Finance and Sales
Industries
Data Security Software Products

Governance, Risk and Compliance Specialist

Singapore, Singapore Avepoint

Posted today

Job Description

About AvePoint:
Securing the Future. AvePoint is a global leader in data management and data governance, and over 21,000 customers worldwide rely on our solutions to modernize the digital workplace across Microsoft, Google, Salesforce and other collaboration environments. AvePoint’s global channel partner program includes over 3,500 managed service providers, value added resellers and systems integrators, with our solutions available in more than 100 cloud marketplaces. To learn more, visit
.
At AvePoint, we are committed to investing in our people. Agility, passion and teamwork set us up to do our best work and foster a culture where you are empowered to craft your career, make an impact, and own (y)our future. Unleash the power of you!
Job Summary:
Governance, Risk and Compliance (GRC) has set up a horizontal function focused on taking on governance, risk and compliance related work across EPD, with the aim of centralizing the management of GRC work across EPD.
We are seeking a skilled IT Security Operations Specialist to manage and maintain our organisation's security posture through various operational and compliance management tasks and monitoring activities.
Key responsibilities:
System Security Management
Execute regular operating system patching across all environments
Manage enterprise password policies and renewal processes
Conduct vulnerability assessments and oversee remediation efforts
Monitor and maintain antivirus solutions across all systems
Ensure accurate server inventory and data in TechLens platform
Certificate and Lifecycle Management
Manage SSL certificate lifecycle, including timely renewals
Track and report on End-of-Life (EOL) and End-of-Support (EOS) for all systems
Coordinate system upgrades or replacements for EOL/EOS components
Access Control and Monitoring
Perform User Access Reviews (UAR) periodically
Monitor and investigate failed login attempts
Manage privileged access rights and permissions
Review and analyse security logs for potential threats
Risk and Compliance
Conduct regular risk assessments
Address and remediate Cloudscape security findings
Prepare security reports for management review
What we are looking for:
Required Qualifications:
Bachelor's degree in IT, Computer Science, or related field
5+ years of experience in IT security operations
Relevant security certifications (e.g., CompTIA Security+, CISSP)
Strong knowledge of security tools and best practices
Amazon Web Services (AWS) certifications
Skills:
Strong analytical and problem-solving abilities
Excellent documentation and communication skills
Experience with security monitoring tools
Knowledge of compliance frameworks
Ability to work in a fast-paced environment
Familiarity with Amazon Web Services (AWS) services such as IAM, CloudWatch etc
AvePoint is proud to employ talent from many different backgrounds, experiences, and identities. We believe that diversity and inclusion drives our success and is at the core of how we hire, communicate, and collaborate to deliver value and excellence. We are committed to fostering an environment where people can bring their whole selves to work and feel a sense of belonging, and we continue to work toward creating a workforce that represents the diversity of our customers and communities.
Any personal data you share with us during the application process will be processed strictly in compliance with applicable data protection laws and our Privacy Notice.

Security governance risk and compliance analyst

Singapore, Singapore $60000 - $65000 Y SSquad Global

Posted today

Job Description

On-Premises GRC (Governance, Risk and Compliance) Analyst - (Associate level and not SME level)

Governance & Compliance

  • Develop, implement, and maintain security policies, procedures, and standards in line with industry best practices (ISO 27001, NIST, CIS, etc.).
  • Ensure compliance with regulatory requirements (MAS TRMG, CCoP).
  • Assist in internal audits and security assessments to identify gaps and recommend corrective actions.
  • Support third-party risk assessments and vendor security compliance.
  • Perform UAR/UAM validation review
  • Perform Hardening Review

Risk Management

  • Conduct risk assessments and identify potential security threats, vulnerabilities, and mitigation strategies.
  • Develop and maintain a security risk register, tracking risk treatment plans and progress.
  • Monitor emerging security threats and ensure proactive risk management strategies.
  • Assist in business continuity and disaster recovery planning related to security risks.

Security Awareness & Training

  • Develop and deliver security awareness training programs for employees.
  • Promote a culture of security by advising stakeholders on best practices.

Required Skills & Qualification

  • Bachelor's degree in Cybersecurity, Information Security, IT, or a related field.
  • 3+ years of experience in security governance, risk management, and compliance.
  • Knowledge of industry security frameworks (NIST, etc.).
  • Familiarity with regulatory requirements (MAS, CCoP).
  • Experience with risk assessments, cybersecurity audits and compliance monitoring.
  • Strong analytical and problem-solving skills.
  • Excellent communication and stakeholder management skills.
  • Relevant certifications such as CISSP, CISA or CRISC

Working Hours

  • General shift: 43 hours per week (9 AM to 6 PM, with a 1-hour break). Onsite
  • Occasionally, weekend work may be required. No extra allowance will be provided; instead, compensatory off will be granted.

Job Type: Contract

Pay: $60,000.00 - $65,000.00 per year

Experience:

  • GRC(Security Governance, risk and compliance): 2 years (Preferred)

Location:

  • Singapore (Preferred)

GRC, Governance, Risk and Compliance, Technical Governance (Consultant/Senior Consultant)

Singapore, Singapore Sekuro Asia

Posted today

Job Description

GRC, Governance, Risk and Compliance, Technical Governance (Consultant/Senior Consultant)
Our team is made up of Information Security professionals coming from all types of professional and personal backgrounds - we have a unique, international environment to grow in.
We offer benefits to help you in your career progression such as training and certification opportunities, flexible hours, a great workplace environment, and a culture focused on helping you become a T-shaped consultant while working in a technically strong, diverse team.
Our Strategy, Governance, Risk and Compliance Consultants work with key stakeholders to drive the design, development and implementation of strategies, policies and standards around cybersecurity. They help to ensure cybersecurity is aligned and supports the business objectives of the organisation.
Job Responsibilities
Perform technical evaluation on IT systems across both cloud and traditional environments;
Assist in reviewing network architecture diagrams and designs, helping to identify basic security principles, potential misconfigurations, or areas for improvement.
Support the assessment of network device configurations (e.g., routers, switches, basic security devices) against documented security standards and best practices by collecting information from clients and performing analysis;
Assist in reviewing firewall rule sets and configurations, identifying policy inconsistencies or basic security concerns;
Present and report on cybersecurity items to key organisational stakeholders;
Work closely with stakeholders to manage cybersecurity for the organisation;
Work on specific verticals such as Technical Governance, and GRC Strategy;
Qualifications and Attributes
Working experience involving network configuration, firewall rulesets, or OS hardening would be a significant advantage.
Understanding of network concepts (TCP/IP, routing, switching), operating systems (Windows, Linux), and fundamental cybersecurity principles.
Experience in implementing/operating security products (e.g., Firewalls, PIAM, SIEM) is advantageous.
Understand how network and system configurations impact security.
Clear and concise written and verbal communication skills, crucial for documentation and asking clarifying questions.
Team player and ability to work independently when the need arises.
Professional Industry / Cloud Certifications (e.g. AWS, Azure, GCP, certifications).
Proficiency with Chinese (Native) to work with Chinese speaking clients is advantageous.
Benefits and What’s in it for you
Work in a dynamic and modern company with a great culture and great people;
Increased responsibilities in a client-facing role to boost your career. We will support you but not hide you behind a Managing or Principal Consultant;
Get exposure to a wide range of businesses across all industries;
Grow your skillset across the entire engagement lifecycle;
Flexible work arrangements when practical;
Training and certification opportunities;
Opportunities to travel.
About Sekuro
Sekuro is an independent cybersecurity consulting firm and we have been operating for more than 7 years. We have offices located in 6 different cities in Australia, with 3 offices in South East Asia.
We offer Cybersecurity services ranging from Offensive Security to Strategy, Governance, Risk and Compliance services, including ISO27001 implementation and adoption of other International Standards for our clients. We are ISO27001 certified, CREST Accredited and a PCI QSA company. We are a registered Services supplier for both the Singapore Government as well as the Australian Government.
Seniority Level: Mid-Senior level
Employment Type: Full-time
Job Function: Information Technology
Industry: IT Services and IT Consulting

Governance, Risk and Security Compliance Specialist

$104000 - $130878 Y Metaverse Cloud Solution Pte Ltd.

Posted today

Job Description

Job Scope:

We are seeking a skilled Governance, Risk and Security Compliance Specialist to ensure our organization's compliance with regulatory requirements, industry standards, and internal security policies. The candidate will be responsible for designing, implementing, and maintaining compliance frameworks while supporting security awareness across the company.

Key Responsibilities:

1. Regulatory & Framework Compliance

  • Lead and maintain compliance with DORA (Digital Operational Resilience Act), ensuring IT and operational resilience measures meet regulatory requirements.
  • Ensure compliance with VARA (Virtual Assets Regulatory Authority) frameworks for virtual asset and digital financial services.
  • Drive compliance initiatives for GDPR, including data protection impact assessments, data handling practices, and privacy-by-design principles.
  • Manage and maintain ISO 27001 Information Security Management System (ISMS), including documentation, risk assessments, and internal/external audit preparations.

2. Security Awareness

  • Develop, deliver, and track security awareness programs to build a security-first culture.
  • Conduct phishing simulations, training sessions, and employee awareness campaigns to ensure strong adoption of best practices.

3. Audit & Risk Management

  • Coordinate with auditors and regulators for compliance reviews and assessments.
  • Identify and mitigate compliance gaps, security risks, and process weaknesses.
  • Maintain up-to-date knowledge of evolving regulations and ensure timely implementation of new requirements

4. Collaboration & Advisory

  • Work closely with IT, Legal, Risk, and Business teams to embed compliance requirements into processes and systems.
  • Provide guidance on secure and compliant business practices for new projects and technologies.
  • Supporting external audits including ISMS audits

Requirements:

  • Bachelor's degree in Information Security, Computer Science, or related field.
  • Proven experience in regulatory compliance (DORA, GDPR, VARA) and ISO 27001 management.
  • Strong understanding of information security frameworks and risk management practices.
  • Experience in designing and conducting security awareness programs.
  • Excellent communication, documentation, and stakeholder management skills.
  • Professional certifications such as CISM, CISSP, ISO 27001 Lead Implementer/Auditor, or CISA are a plus

Job Type: Full-time

Pay: $6, $7,000.00 per month

Benefits:

  • Dental insurance
  • Health insurance

Work Location: In person
