About this role
JJ Consulting Services is a recruitment firm and preferred partner for multinational companies expanding in Asia. Our consultants bring deep industry and functional expertise, delivering top professional and staffing solutions to clients and candidates. Our client is a leading company in Singapore. You will lead the design and implementation of a strategic cybersecurity governance, risk, and compliance (GRC) framework. Your mission is to embed risk management into all digital systems, transforming GRC into a business enabler across IT, Cloud, and Operational Technology environments. Responsibilities Establish and maintain dynamic security risk registers that reflect current threats and project statuses across agencies Lead senior management risk discussions by translating complex technical risks into clear business impacts to guide resource prioritization Develop and implement a consistent risk analysis framework that enables agencies to take calculated risks for innovation Create and uphold unified Threat Risk Assessment (TRA) standards for Cloud, Web Applications, and OT/ICS domains Develop SOPs for identifying critical information assets ("Crown Jewels") and mapping comprehensive threat vectors Define and enforce standardized security controls that effectively mitigate identified risks beyond baseline compliance Lead the development and execution of a Zero Trust Framework emphasizing identity-based security and micro-segmentation Provide expert governance, risk, and compliance advisory during the design of high-impact systems to ensure security-by-design Evaluate and recommend security technologies that address specific risks and maintain defense relevance against evolving threats Establish frameworks for managing third-party and software supply chain risks, including assessing cyber-resilience of vendors and dependencies Drive agencies toward continuous compliance readiness and proactive audit preparation Oversee closure of audit findings by ensuring substantive technical fixes rather than superficial measures Partner with stakeholders to foster a proactive risk management culture through education and advocacy Monitor evolving threat actor tactics and technology trends to ensure defenses remain current and effective Required competencies and certifications 10 to 12 years of experience in Cybersecurity GRC, Information Security Risk Management, or Security Architecture Proven expertise managing risks across IT and Cloud environments; experience with Operational Technology systems is a significant advantage Deep knowledge of security policies (e.g., Instruction Manual on IT Management) and international standards such as NIST and ISO 27001 Mastery of risk assessment methodologies (e.g., TVRA) with the ability to translate technical vulnerabilities into business risks Strong technical understanding of Zero Trust Architecture components and cloud security technologies including Firewalls, EDR, IAM, SIEM, CSPM, CWPP, CASB, and secrets management Ability to map technical controls to the MITRE ATT&CK framework to ensure comprehensive defensive coverage Proficiency in manual and automated offensive security testing tools and deep understanding of MITRE ATT&CK framework and common TTPs Preferred competencies and qualifications Professional certifications such as CISM, CRISC, CISSP, OSCP, or OSWE are highly preferred Strategic influence skills to educate and persuade senior stakeholders on rigorous risk governance Critical thinking to identify and resolve systemic issues beyond surface-level audit compliance Commitment to continuous learning on emerging security technologies and cyber threat landscapes Exceptional ability to articulate complex technical risks into business terms for non-technical senior executives Other Information Applicants are invited to send a MS Word resume to jobs@jjconsulting.com.sg stating the position applied for, current and expected salaries, and earliest availability. We thank all applicants in advance; only shortlisted candidates will be notified. EA Licence No.: 12C6207 JJ Consulting Services
What they're looking for
TacticsSecurity GovernanceRisk GovernanceRisk Assessment
About Jj Consulting Services
Industry: Professional & technical services
Frequently asked questions
What does a Deputy Director (Governance, Risk, And Compliance) at Jj Consulting Services do?
JJ Consulting Services is a recruitment firm and preferred partner for multinational companies expanding in Asia. Our consultants bring deep industry and functional expertise, delivering top professional and staffing solutions to clients and candidates. Our client is a leading company in Singapore. …
What skills does this Deputy Director (Governance, Risk, And Compliance) role need?
Key skills for this role include Tactics, Security Governance, Risk Governance, Risk Assessment.
How much does a Deputy Director (Governance, Risk, And Compliance) at Jj Consulting Services pay?
This role lists a salary of S$15,000 – S$22,000 per month.
Is this Deputy Director (Governance, Risk, And Compliance) role remote, hybrid, or on-site?
The listing is based in Islandwide. Check the posting for remote or hybrid options.
How do I apply for this Deputy Director (Governance, Risk, And Compliance) role?
You can apply directly on Jj Consulting Services's careers page. ApplyLah can tailor your résumé and cover letter to this exact role in seconds first.
