Ensign Infosecurity · 2 days ago

Senior Cybersecurity Consultant (GRC)

On-site · Singapore, Singapore

Type: Full Time
Level: Senior Level
Education: Bachelors Degree
Company size: Unknown

Job Summary

Senior Cybersecurity Consultant (GRC) leading end-to-end governance, risk, and compliance engagements for enterprise cybersecurity programs. Responsible for shaping GRC strategy, risk assessment methodologies, CTEM program design and implementation, and regulatory-compliance initiatives across complex environments. Engages C-suite and board stakeholders, mentors junior consultants, and contributes to business development through thought leadership and proposals. Heavy emphasis on advising on governance frameworks, risk mitigation roadmaps, ISO/NIST/CSA/MAS standards, and threat-exposure management to reduce attack surfaces and strengthen long-term resilience.

Required Qualifications

  • Bachelor's degree in Computer Science, Information Security, or a related discipline; a Master's degree is advantageous
  • Minimum 5 years of progressive experience in cybersecurity GRC, encompassing governance framework development, risk management, regulatory compliance advisory, and threat exposure management
  • Demonstrated experience designing or implementing CTEM programmes, including attack surface management, vulnerability prioritisation, and exposure validation across enterprise environments
  • Demonstrated experience leading complex GRC engagements and advising senior leadership in large enterprise or government environments
  • Deep knowledge of GRC frameworks and regulatory standards including ISO 27001, NIST CSF, MAS TRM, CSA guidelines, and related compliance requirements
  • Familiarity with CTEM-aligned tools and methodologies such as Breach and Attack Simulation (BAS), attack surface management (ASM) platforms, and threat-informed defence approaches including MITRE ATT&CK
  • Exceptional stakeholder management skills with a proven ability to influence and advise at the executive and board level
  • Strong leadership and mentoring capabilities, with experience guiding junior consultants and managing cross-functional workstreams
  • Strategic thinker with the ability to navigate regulatory complexity, manage competing priorities, and deliver under pressure
  • Professional certifications such as CISSP, CISM, CRISC, ISO 27001 Lead Auditor/Implementer, or CTEM-related credentials are highly preferred.