Cybersecurity Governance Lead, Financial Services Jobs in Singapore

    Cybersecurity Governance Lead, Financial Services

      Consultant:
      Job Reference No.
      Registration No.
      R1876389
      License No.
      16S8060
      Function
      Cybersecurity & GRC

      Our client is looking for a Security Governance Lead to drive the governance, risk and assurance function within its cybersecurity programme. This role will be responsible for establishing robust governance practices, ensuring regulatory compliance, maintaining an effective control environment, and providing independent oversight of enterprise cybersecurity risks.

      Working closely with security engineering and operations teams, the successful candidate will ensure governance processes evolve alongside the organisation’s cybersecurity capabilities. Given the lean team structure, this role requires someone who is comfortable balancing strategic governance with hands-on execution.

      Responsibilities:

      Security Governance & Policy

      • Develop, maintain and continuously improve enterprise cybersecurity policies, standards and governance documentation.
      • Establish governance processes to ensure policies remain current, effective and aligned with business and regulatory requirements.
      • Develop operational procedures that enable consistent execution of governance and assurance activities.
      • Partner with technology teams to ensure security requirements are embedded into day-to-day operations.

      Technology Risk Management

      • Manage the enterprise cybersecurity risk register, ensuring risks are appropriately assessed, tracked and remediated.
      • Lead risk assessments across technology platforms, operational processes, cloud services and third-party providers.
      • Oversee security exception governance, including compensating controls, approvals, review cycles and risk acceptance.
      • Work with technology teams to translate identified risks into practical remediation plans.

      Assurance & Regulatory Compliance

      • Maintain alignment with applicable regulatory requirements and recognised cybersecurity frameworks.
      • Design and manage a continuous control assurance programme through control testing, evidence validation and periodic reviews.
      • Maintain an audit-ready evidence repository supporting internal audits, external assessments and regulatory reviews.
      • Coordinate audit responses and oversee remediation activities arising from assurance engagements.

      Third-Party Security

      • Lead third-party cybersecurity due diligence covering technology vendors, software platforms and emerging technologies.
      • Maintain oversight of supplier risk throughout the vendor lifecycle, including periodic reassessments.
      • Partner with procurement and legal teams to strengthen contractual security requirements and supplier governance.

      Reporting & Stakeholder Management

      • Develop meaningful cybersecurity risk metrics, KRIs and governance dashboards for senior management.
      • Support governance committees through agenda preparation, risk reporting and action tracking.
      • Prepare executive updates covering cyber risk posture, compliance status and key security initiatives.

      Requirements:

      • 6-10 years of experience in cybersecurity governance, technology risk, compliance or information security assurance.
      • Experience operating within a regulated environment with exposure to regulatory frameworks and technology risk management.
      • Proven experience developing governance frameworks, managing enterprise risk registers and leading control assurance programmes.
      • Strong experience preparing policies, audit responses, executive reporting and regulatory documentation.
      • Good understanding of cybersecurity frameworks and enterprise risk management practices.
      • Experience performing control testing, evidence validation and compliance assessments.
      • Knowledge of third-party risk management and supplier security assurance.
      • Familiarity with cloud security governance and emerging technology risks, including AI, would be advantageous.

      To apply:

      If you’re interested to apply or find out more, please share across your CV or reach out to Chen Yi at cy@kerryconsulting.com for a discussion. Due to anticipated high volume of applications, we regret to inform that only shortlisted candidates will be notified.

      Reg: R1876389

      Lic: 16S8060

      Apply for this position
      Secret Link