We are seeking a Lead / Senior Cybersecurity Governance Specialist to join the CISO Office, responsible for shaping and driving enterprise-wide cybersecurity governance, risk management, and security architecture standards across a large, complex organisation.
Mandatory Skill(s)
- 10–12 years of experience in Cybersecurity GRC, Information Security Risk Management, or Security Architecture, with exposure to large, complex enterprise environments;
- Proven ability to manage cybersecurity risks across enterprise IT, cloud platforms, and large-scale digital systems;
- Must have strong knowledge of security governance frameworks, including Singapore Government policies (e.g., IM on IT Management), NIST, and ISO 27001;
- Must have strong expertise in risk assessment methodologies (e.g., TVRA) and translating technical vulnerabilities into business risk;
- Deep understanding of Zero Trust Architecture (ZTA) and modern cybersecurity technologies such as Firewalls, EDR, IAM, SIEM, CSPM, CWPP, CASB, and secrets management;
- Ability to map defensive controls to the MITRE ATT&CK framework, with solid understanding of offensive security concepts and threat actor TTPs;
- Excellent stakeholder management, communication, and presentation skills, with the ability to influence senior leadership;
- Strong analytical and critical thinking skills to identify systemic security issues and drive continuous improvement.
Desirable Skill(s)
- Exposure to Operational Technology (OT) and Industrial Control Systems (ICS) security environments;
- Hands-on experience with manual and automated security testing and assessment tools;
- Professional cybersecurity certifications such as CISM, CRISC, CISSP, OSWE, with OSCP as a good-to-have;
- Experience working within large-scale government, regulated, or critical infrastructure environments;
- Familiarity with advanced threat intelligence, attack simulation, and adversary emulation concepts.
Responsibilities
- Establish and maintain organisation-wide cybersecurity risk registers as living artefacts reflecting real-time threats and project risks;
- Lead and facilitate risk discussions with senior management, CIOs, and agency leaders, translating technical risks into business and operational impact;
- Develop and implement consistent risk analysis frameworks that enable informed risk-taking and innovation;
- Embed cybersecurity risk management across the full system lifecycle, from design to deployment and operations;
- Define and govern unified Threat Risk Assessment (TRA) standards across cloud, web applications, and OT/ICS environments;
- Establish SOPs for Crown Jewel identification, critical information asset classification, and comprehensive threat modelling;
- Standardise and govern security controls to ensure technical effectiveness beyond baseline compliance;
- Lead the development and execution of a Zero Trust Architecture (ZTA) roadmap, including identity-based security and micro-segmentation;
- Provide security architecture and GRC advisory for high-impact and critical digital systems;
- Evaluate and govern security technologies to ensure continued effectiveness against evolving threats;
- Establish and manage third-party and software supply chain risk management frameworks;
- Define standards to assess vendor cyber resilience and manage risks from open-source and third-party dependencies;
- Drive continuous audit readiness, oversee closure of audit findings, and ensure root-cause remediation;
- Analyse audit trends to identify systemic security weaknesses and implement proactive improvements;
- Partner with CIOs, CISOs, and project owners to build a proactive, risk-informed security culture;
- Track evolving threat actor TTPs and emerging technologies, periodically reviewing the effectiveness of security controls.
If you are interested in this role, click on the “Apply to this job” button below, or send your CV to Shruthi GR at shruthi.gr@sciente.com, quoting the job title.
Shruthi GR
Lead Technology Talent Acquisition Specialist (APAC)
