Governance, Risk & Compliance (GRC) Specialist - 1 Year Contract
Information Technology
$4200 - $8500 monthly
Job Description
Job Summary:
The Governance, Risk, and Compliance (GRC) Specialist will manage the organization’s risk, compliance, and governance frameworks, focusing on data protection, cybersecurity, and finance-related regulatory compliance. The role involves ensuring adherence to ISO 27001, PDPA, GDPR, PCI-DSS, and financial regulations such as MAS and SEC requirements. The GRC Specialist will collaborate with technical teams to secure cloud environments (AWS/GCP) and ensure compliance with fintech industry standards.
Key Responsibilities:
Governance:
- Develop and maintain governance frameworks, policies, and procedures that align with ISO 27001, PDPA, GDPR, MAS, SEC, PCI-DSS, and other relevant regulations.
- Ensure governance policies address data security, privacy, and regulatory requirements for the financial sector.
- Conduct periodic reviews of governance policies to reflect new regulatory changes and emerging security threats.
Risk Management:
- Conduct risk assessments related to data privacy, cloud infrastructure (AWS/GCP), cybersecurity, and financial compliance (MAS, SEC).
- Work with technical and legal teams to mitigate identified risks and ensure compliance with financial regulations.
- Maintain a risk register and provide regular reports on risk exposure, particularly related to finance-related compliance.
Compliance:
- Ensure compliance with financial regulations such as those of the Monetary Authority of Singapore (MAS) and the Securities and Exchange Commission (SEC), as well as AML, PDPA, GDPR, and PCI-DSS.
- Support internal and external audits related to ISO 27001 certification, financial regulatory compliance, and data security standards.
- Monitor data flows to ensure proper encryption, access controls, and compliance with financial industry regulations.
Data and Cloud Security:
- Collaborate with data and cybersecurity teams to secure AWS and GCP environments using best practices, including identity and access management (IAM), encryption, and monitoring.
- Ensure that data handling practices comply with financial regulations and ISO 27001/GDPR/PDPA standards.
- Implement and monitor encryption and access control measures to protect sensitive financial data.
Incident Response:
- Assist in developing incident response plans to manage breaches and cybersecurity threats, particularly in compliance with financial industry regulations.
- Investigate and respond to security incidents, ensuring the organization remains compliant with reporting requirements under MAS, SEC, and other regulatory bodies.
- Prepare post-incident reports, outlining actions taken and any improvements to be made to prevent future incidents.
Training and Awareness:
- Develop and deliver training to ensure staff understand governance, risk, and compliance policies, including finance-related regulations.
- Promote compliance with MAS, SEC, and other financial regulations through ongoing awareness programs and updates.
Qualifications:
- Bachelor’s degree in Information Security, Cybersecurity, Computer Science, Data Management, Risk Management, or a related field (Master’s degree preferred).
- 3-5 years of experience in governance, risk, compliance, or cybersecurity roles, preferably in fintech or other highly regulated industries.
- Relevant knowledge of ISO 27001, PDPA, GDPR, MAS, SEC, AML, PCI-DSS, and cloud security (AWS/GCP).
- Experience with data protection, encryption, and secure data storage techniques.
- Familiarity with risk management frameworks and vulnerability assessment tools.
Personal Attributes:
- Strong attention to detail with excellent problem-solving skills.
- Excellent communication skills to work effectively with technical, legal, and regulatory teams.
- Proactive approach to identifying and mitigating risks related to financial compliance and security.
1 HARBOURFRONT AVENUE, KEPPEL BAY TOWER, 098632