The Opportunity We are seeking an experienced Cybersecurity Consultant specialising in Governance, Risk & Compliance (GRC) to support the delivery of ISO/IEC 27001, CSA Cyber Essentials Mark (CEM), Cyber Trust Mark (CTM), Threat and Risk Assessment (TRA), and regulatory compliance engagements. Reporting to the GRC Lead, you will work with clients to strengthen their security governance, prepare for audits and certification, meet regulatory expectations, and develop sustainable security capabilities. You will also collaborate closely with clients’ management and IT teams, as well as our penetration testing, Security Operations Centre (SOC), and security architecture teams. Key Responsibilities GRC and Compliance Support and deliver ISO/IEC 27001, CSA Cyber Essentials Mark, and Cyber Trust Mark readiness and implementation engagements. Conduct compliance gap assessments and maturity evaluations against relevant standards and regulations, including MAS TRM, PDPA, NIST, and GDPR. Develop audit-ready ISMS documentation, including policies, procedures, Statements of Applicability, risk registers, control mappings, and risk treatment plans. Support clients during internal audits, external certification audits, and regulatory assessments. Track findings and work with client stakeholders to support the timely completion of remediation activities. Risk Assessment and Cyber Exercises Conduct cybersecurity Threat and Risk Assessments for cloud, enterprise, and regulated environments. Identify critical assets, threats, vulnerabilities, business impacts, and risks, and recommend appropriate mitigation measures. Produce clear and comprehensive assessment reports aligned with applicable CSA, NIST, and ISO methodologies. Design, facilitate, and document tabletop exercises, incident-response simulations, and cyber crisis exercises under the guidance of the GRC Lead. Security Governance and Advisory Develop and enhance security policies, incident-response plans, governance frameworks, and risk-management processes. Review system and cloud environments from a governance, risk, and compliance perspective. Assess areas such as access control, logging and monitoring, encryption, network security, and data flows. Provide practical, risk-based recommendations that balance security, compliance, and business requirements. Deliver cybersecurity awareness briefings and support clients’ security governance initiatives. Project Delivery and Stakeholder Engagement Manage assigned project activities and workstreams under the direction of the GRC Lead. Support the management of project timelines, deliverables, risks, and stakeholder expectations. Collaborate with penetration testing, SOC, cloud, and security architecture teams to translate technical findings into business and compliance risks. Prepare and present assessment findings, risk positions, and recommendations to client stakeholders. Escalate material risks, project issues, and compliance concerns to the GRC Lead. Provide regular progress updates and contribute to the successful delivery of client engagements. Reporting Line This position reports to the GRC Lead.