Job Title: GRC Consultant (Cybersecurity)

About the Role
We are seeking a dedicated Governance, Risk, and Compliance (GRC) Consultant. In this role, you will be responsible for developing, implementing, and managing the company's GRC program. You will work closely with the customer to establish governance processes, assess cybersecurity risks, and ensure compliance with relevant regulations and industry standards.

Key Responsibilities

Governance

• Develop, maintain, and enhance cybersecurity policies, standards, and frameworks aligned with business objectives.

• Ensure alignment with industry standards such as CSA Cyber Trust Mark, ISO 27001, NIST, CIS, and SOC 2.

• Collaborate with business units to integrate security governance into daily business processes.

• Draft, revise, and communicate governance policies and procedures to senior leadership and stakeholders.

Risk Management

• Identify, assess, and prioritize cybersecurity risks across the organization's digital ecosystem.

• Conduct regular risk assessments and audits to evaluate vulnerabilities and control effectiveness.

• Work closely with technical teams to implement security controls and risk mitigation strategies.

• Monitor emerging threats and recommend proactive security measures to the customer.

• Prepare risk reports and dashboards for stakeholder review.

Compliance

• Ensure compliance with relevant regulations including GDPR, PDPA, HIPAA, SOX, and other applicable laws.

• Lead internal and external cybersecurity audits and assessments.

• Maintain comprehensive compliance documentation and evidence for regulatory bodies.

• Coordinate with legal and compliance teams to manage cybersecurity-related legal risks.

• Design and oversee compliance training initiatives to ensure employee awareness and adherence.

Qualifications & Experience

Essential

• 5+ years of experience in cybersecurity, specifically within Governance, Risk, and Compliance roles.

• Proven experience in highly regulated industries such as finance, healthcare, or government.

• Strong working knowledge of industry frameworks: ISO 27001, NIST, CIS Controls, SOC 2.

• Familiarity with data protection regulations: PDPA, GDPR.

• Experience leading internal and external audits.

• Excellent communication and stakeholder management skills.

Preferred

• Familiarity with security tools such as GRC platforms, SIEMs, and vulnerability scanners.

• Professional certifications such as CISA, CRISC, CISM, or CISSP.

• Experience working in a client-facing or consulting role.

Personal Attributes

• Strong analytical and problem-solving skills.

• Ability to translate technical risks into business language.

• Detail-oriented with a focus on documentation and evidence management.

• Proactive and able to work independently at the customer's premise.

• Collaborative mindset to work effectively with technical, legal, and business teams.