Senior GRC Consultant

Softscheck Singapore
Full-Time · On-site
3 - 5 years of experience

Job description for Senior GRC Consultant at Softscheck Singapore

POSITION OVERVIEW 

We are seeking an experienced Senior GRC Consultant to join our GRC consulting practice. In this client-facing role, you will lead end-to-end GRC consulting engagements — guiding clients through the scoping, implementation, and certification of frameworks such as ISO 27001, Cyber Trust Mark, NIST CSF, SOC 2, and other regulatory standards. You will serve as the primary point of contact for clients, managing project delivery and building long-term advisory relationships across multiple industries. 

KEY RESPONSIBILITIES 

Lead end-to-end GRC consulting engagements for clients across multiple industries, from scoping through to certification or sign-off 

Serve as primary client relationship manager, managing expectations, timelines, and deliverables across concurrent projects 

Conduct gap analyses and readiness assessments for frameworks including CCoP, IM8, Security-by-Design, ISO 27001, PDPA / Privacy Assessment, SOC 2 Type II, NIST CSF 

Perform system architecture reviews and threat modelling 

Conduct Security Systems Acceptance Tests (SSAT)

Conduct tabletop exercises and security awareness training

Guide clients through the full ISO 27001 certification lifecycle: scoping, ISMS design, risk assessment, control implementation, internal audit, and certification audit support 

Support clients pursuing Singapore's Cyber Trust Mark and Cyber Essentials certifications, including assessment preparation and remediation advisory 

Develop client-facing deliverables: gap assessment reports, risk registers, ISMS documentation, policies, procedures, and remediation roadmaps 

Facilitate client workshops, interviews, and walkthroughs with stakeholders across technical and business teams 

Mentor junior consultants on project delivery, client interaction, and technical GRC content 

Contribute to the development of internal methodologies, templates, and service offerings 

QUALIFICATIONS & REQUIREMENTS 

Education 

Bachelor's degree in Information Security, Computer Science, or a related field 

Master's degree or postgraduate qualification in Risk, Compliance, or Cybersecurity is advantageous 

Experience 

Minimum 4 - 6 years of experience in GRC consulting, information security advisory, or IT audit roles 

Proven track record delivering ISO 27001 implementations or certification projects for external clients 

Hands-on experience with Singapore's Cyber Trust Mark or Cyber Essentials framework is a strong advantage 

Experience managing multiple client projects simultaneously in a consulting or professional services environment 

Familiarity with sectors such as financial services, healthcare, government, or technology is a plus 

Certifications (Preferred) 

CISSP – Certified Information Systems Security Professional 

ISO 27001 Lead Auditor / Lead Implementer 

CISA – Certified Information Systems Auditor 

CISM – Certified Information Security Manager 

AWS Related Certifications 

Azure Related Certifications 

SKILLS & COMPETENCIES 

Deep working knowledge of ISO 27001, PDPA / Privacy Assessment, SOC 2 Type II, NIST CSF, CCoP, IM8, Security-by-Design and related standards 

Experience in performing system architecture reviews and threat modelling 

Experience in conducting tabletop exercises and security awareness training

Experience in conducting Security Systems Acceptance Tests (SSAT)

Strong client management skills — able to build trust, communicate clearly, and manage difficult conversations 

Excellent written communication: proficient in producing professional reports, policies, and executive presentations 

Ability to translate complex technical GRC requirements into business-friendly language for non-technical clients 

Experience facilitating workshops and training sessions for diverse stakeholder groups 

Strong project management discipline — able to handle multiple engagements with competing deadlines 

Comfortable working independently on client sites and representing the firm professionally 

WHAT WE OFFER 

Competitive salary with performance-based bonus 

Medical and dental coverage 

Professional development budget and certification support 

Flexible hybrid work arrangement 

Collaborative and growth-oriented team environment 
