Cyber GRC Analyst

About the Role As a Cybersecurity GRC Analyst, you will support organizations in strengthening their cybersecurity posture by assessing maturity, managing risks, and ensuring compliance with global frameworks and regional regulations. You will work closely with clients to translate technical findings into clear business insights and actionable improvement roadmaps. Key Responsibilities • Support cybersecurity maturity, risk, and compliance assessments across frameworks such as NIST CSF, NIST 800-53, ISO/IEC 27001, CIS Controls, IEC 62443, and regional regulations (MAS TRM, PDPA, GDPR, EU AI Act) • Conduct stakeholder interviews, workshops, document reviews, and control walkthroughs to assess current security capabilities • Analyze findings, perform control maturity scoring, and identify gaps and risks in clear, business-relevant language • Develop high-quality deliverables including current state assessments, gap analyses, benchmarking reports, and prioritized remediation roadmaps • Build effective working relationships with client stakeholders across IT, OT, risk, audit, legal, and business teams • Support client meetings and working sessions, including documentation, action tracking, and follow-ups • Collaborate with regional teams across Singapore, Thailand, and APAC to deliver consistent and high-quality outcomes • Contribute to proposals, methodologies, and knowledge assets to strengthen the cybersecurity GRC practice

Requirements:
### Required Qualifications • 1 to 3 years of relevant experience in cybersecurity, GRC, IT audit, risk advisory, or security consulting, preferably in a client-facing role • Working knowledge of at least one cybersecurity framework (e.g., NIST CSF, ISO/IEC 27001, CIS Controls) • Understanding of security domains such as identity and access management, network security, endpoint security, vulnerability management, incident response, and data protection • Familiarity with regulatory requirements in Singapore and APAC, including MAS TRM Guidelines and PDPA • Strong analytical and problem-solving skills, with attention to detail in assessment and reporting • Excellent written and verbal communication skills, with the ability to present technical insights in business terms • Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Engineering, Business, or related field ### Preferred Qualifications (Optional) • Industry certifications such as CompTIA Security+, ISO 27001 Lead Implementer/Auditor, CISA, CRISC, or progress toward CISSP/CISM • Exposure to OT/industrial cybersecurity and IEC 62443 frameworks • Understanding of AI governance, responsible AI practices, or EU AI Act requirements • Experience with GRC platforms such as ServiceNow GRC, Archer, or OneTrust • Prior experience in a consulting environment or professional services firm