a. Plan, delegate, and monitor project tasks, ensuring timelines, budgets, and quality standards are met.
b. Coach, mentor, and support the professional development of junior team members.
2. Client Engagement & Advisory
a. Deliver high-quality consulting services to clients.
b. Serve as the primary point of contact for clients on GRC-related projects.
c. Understand client needs and provide tailored cybersecurity governance, risk management, and compliance solutions.
d. Facilitate workshops, meetings, and presentations with client stakeholders.
3. Governance & Risk Management
a. Design and implement IT governance frameworks aligned with industry standards (e.g., COBIT, ISO 27001, NIST CSF).
b. Conduct IT risk assessments, gap analyses, and maturity assessments across people, processes, and technology.
c. Recommend and implement risk mitigation strategies and controls.
4. Compliance & Audit Readiness
a. Assist clients in achieving and maintaining compliance with regulatory and industry standards (e.g., BNM RMiT, MCA, SOC 2, ISO 27001).
b. Lead compliance audits and readiness assessments.
c. Develop policies, procedures, and documentation to support compliance initiatives.
5. Framework Implementation
a. Guide clients in adopting and operationalizing cybersecurity and GRC frameworks (ISO, NIST, CIS, etc.).
b. Translate technical requirements into business-aligned risk strategies.
6. Reporting & Communication
a. Provide regular status updates to both internal and external stakeholders.
b. Communicate technical risk concepts in a clear, business-focused manner.
7. Service Development & Innovation
a. Develop and enhance IT GRC service methodologies.
b. Stay up to date with emerging regulations, standards, and industry trends.
8. Business Development Support
a. Assist in proposal development, RFP responses, and client pitches.
b. Identify new opportunities within existing client accounts.
c. Bridge client requirements with our service offerings.
Required Skills:
Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Business IT or equivalent
5 years of experience in IT Governance, Risk Management, Compliance, or Cybersecurity.
Familiar with cybersecurity and information security standards, best practices, laws, guidelines, and benchmarks, such as ISO 27001, NIST CSF, CIS, SOC 2, BNM RMiT and PDPA
Holding certifications (such as ISO 27001 Lead Auditor, CISA, CISSP, CISM, CCISO, etc.) is an added advantage
Job Types: Full-time, Permanent
Benefits:
Additional leave
Flexible schedule
Health insurance
Maternity leave
Parental leave
Professional development
Application Question(s):
Do you have experience in Consultancy?
What is your expected salary?
How long is your notice period?
Work Location: In person
Beware of fraud agents! Do not pay money to get a job.
MNCJobz.com will not be responsible for any payment made to a third-party. All Terms of Use are applicable.
Job Detail
Job Id: JD1230547
Industry: Not mentioned
Total Positions: 1
Job Type: Full Time
Salary: Not mentioned
Employment Status: Permanent
Job Location: Kuala Lumpur, M14, MY, Malaysia
Education: Not mentioned