Cybersecurity Risk & Governance Lead
SCIENTE INTERNATIONAL PTE. LTD.
Job Summary
We are seeking a Lead / Senior Cybersecurity Governance Specialist to join the CISO Office, responsible for shaping and driving enterprise-wide cybersecurity governance, risk management, and security architecture standards across a large, complex organisation.
Mandatory Skill-set
- 10–12 years of experience in Cybersecurity GRC, Information Security Risk Management, or Security Architecture, with exposure to large, complex enterprise environments;
- Proven ability to manage cybersecurity risks across enterprise IT, cloud platforms, and large-scale digital systems;
- Must have strong knowledge of security governance frameworks, including Singapore Government policies (e.g., IM on IT Management), NIST, and ISO 27001;
- Must have strong expertise in risk assessment methodologies (e.g., TVRA) and translating technical vulnerabilities into business risk;
- Deep understanding of Zero Trust Architecture (ZTA) and modern cybersecurity technologies such as Firewalls, EDR, IAM, SIEM, CSPM, CWPP, CASB, and secrets management;
- Ability to map defensive controls to the MITRE ATT&CK framework, with solid understanding of offensive security concepts and threat actor TTPs;
- Excellent stakeholder management, communication, and presentation skills, with the ability to influence senior leadership;
- Strong analytical and critical thinking skills to identify systemic security issues and drive continuous improvement.
Desired Skill-set
- Exposure to Operational Technology (OT) and Industrial Control Systems (ICS) security environments;
- Hands-on experience with manual and automated security testing and assessment tools;
- Professional cybersecurity certifications such as CISM, CRISC, CISSP, OSWE, with OSCP as a good-to-have;
- Experience working within large-scale government, regulated, or critical infrastructure environments;
- Familiarity with advanced threat intelligence, attack simulation, and adversary emulation concepts.
Responsibilities
- Establish and maintain organisation-wide cybersecurity risk registers as living artefacts reflecting real-time threats and project risks;
- Lead and facilitate risk discussions with senior management, CIOs, and agency leaders, translating technical risks into business and operational impact;
- Develop and implement consistent risk analysis frameworks that enable informed risk-taking and innovation;
- Embed cybersecurity risk management across the full system lifecycle, from design to deployment and operations;
- Define and govern unified Threat Risk Assessment (TRA) standards across cloud, web applications, and OT/ICS environments;
- Establish SOPs for Crown Jewel identification, critical information asset classification, and comprehensive threat modelling;
- Standardise and govern security controls to ensure technical effectiveness beyond baseline compliance;
- Lead the development and execution of a Zero Trust Architecture (ZTA) roadmap, including identity-based security and micro-segmentation;
- Provide security architecture and GRC advisory for high-impact and critical digital systems;
- Evaluate and govern security technologies to ensure continued effectiveness against evolving threats;
- Establish and manage third-party and software supply chain risk management frameworks;
- Define standards to assess vendor cyber resilience and manage risks from open-source and third-party dependencies;
- Drive continuous audit readiness, oversee closure of audit findings, and ensure root-cause remediation;
- Analyse audit trends to identify systemic security weaknesses and implement proactive improvements;
- Partner with CIOs, CISOs, and project owners to build a proactive, risk-informed security culture;
- Track evolving threat actor TTPs and emerging technologies, periodically reviewing the effectiveness of security controls.
Should you be interested in this career opportunity, please send in your updated resume to ***email_hidden*** at the earliest.
When you apply, you voluntarily consent to the disclosure, collection and use of your personal data for employment/recruitment and related purposes in accordance with the SCIENTE Group Privacy Policy, a copy of which is published at SCIENTE’s website (https://www.sciente.com/privacy-policy).
Confidentiality is assured, and only shortlisted candidates will be notified for interviews.
EA Licence No. 07C5639