Senior GRC Consultant

About the role

We are looking for an experienced Senior GRC Consultant to lead end‑to‑end governance, risk and compliance engagements for clients across multiple industries. You will act as the primary point of contact, guiding organisations through scoping, implementation and certification of standards such as ISO 27001, NIST CSF, SOC 2 and Singapore’s Cyber Trust Mark.

Key responsibilities

• Lead full‑cycle GRC projects from initial scoping to certification or sign‑off.
• Manage client relationships, expectations, timelines and deliverables across concurrent engagements.
• Conduct gap analyses, readiness assessments and risk assessments for frameworks including ISO 27001, PDPA, NIST CSF, SOC 2, Cyber Trust Mark and Cyber Essentials.
• Perform system architecture reviews, threat modelling, Security Systems Acceptance Tests and tabletop exercises.
• Develop and deliver client‑facing artefacts such as gap reports, risk registers, ISMS documentation, policies, procedures and remediation roadmaps.
• Facilitate workshops, interviews and stakeholder walkthroughs.
• Mentor junior consultants and contribute to internal methodology development.

Required profile

• Bachelor’s degree in Information Security, Computer Science or related field (Master’s preferred).
• 4‑6 years of experience in GRC consulting, information security advisory or IT audit.
• Proven track record delivering ISO 27001 implementations or certifications.
• Experience with Singapore’s Cyber Trust Mark or Cyber Essentials is a strong advantage.
• Familiarity with financial services, healthcare, government or technology sectors.

Required skills

• ISO 27001 implementation and certification
• NIST CSF, SOC 2, PDPA, Cyber Trust Mark, Cyber Essentials frameworks
• Risk assessment and gap analysis
• Threat modelling and security architecture review
• Security Systems Acceptance Testing (SSAT)
• AWS and Azure cloud platforms (certifications preferred)