Information and Cyber Security Engineer - GRC
Seeking an experienced Information & Cyber Security Engineer to strengthen a centralized technology function and accelerate secure cloud adoption across a regional operations footprint.
The role focuses on cybersecurity risk assessment, cloud security, third-party assurance, and governance in a regulated financial and banking environment.
Mandatory Skill-set
Must have at least 5+ years of experience in information security, risk management, or cybersecurity roles;
Must have minimum 2+ years hands on experience securing public, private, and hybrid cloud environments;
Strong grasp of threat modelling, risk assessment methodologies, and risk mitigation approaches;
Knowledge of security governance and standards (e.g., ISO 27001, MAS TRM/local regulator frameworks, NIST, CCM);
Demonstrated experience performing IT security risk assessments, vendor/thirdparty security due diligence, and tech obsolescence reviews;
Familiarity with cloud security frameworks, cybersecurity tools, and risk governance;
Prior experience in banking, asset management, or other heavily regulated sectors;
Proven ability to influence senior stakeholders and drive security improvements end-to-end.
Desired Skill-set
Certifications: CISSP, CISM, CRISC, CEH, CCSP, or relevant certifications from ISC2, ISACA, SANS, Microsoft, AWS, CISCO;
Motivated self-starter with leadership skills and the ability to work independently;
Familiarity with security monitoring tools and automation/digitization of workflows;
Strong analytical skills and a pragmatic approach to remediations and controls.
Responsibilities
Plan and carry out comprehensive IT security risk assessments across applications, infrastructure and cloud services;
Lead security due diligence for third-party service providers, including onsite assessments where required;
Identify and manage risks arising from technology obsolescence and platform end-of-life scenarios;
Advise technology and business teams as a trusted subject matter expert on security and risk decisions;
Provide guidance and oversight to regional/subsidiary security teams to ensure consistent risk management practices;
Maintain and enhance security checklists, guidelines, and governance artefacts;
Drive process improvements, automation and digitization to streamline risk management workflows;
Produce regular risk reports and track remediation actions; keep abreast of emerging threats and security trends.
Please send an updated resume to
When you apply, you voluntarily consent to the disclosure, collection and use of your personal data for employment/recruitment and related purposes in accordance with the SCIENTE Group Privacy Policy, a copy of which is published at SCIENTE’s website ().
Confidentiality is assured, and only shortlisted candidates will be notified for interviews.
#J-18808-Ljbffr