Technology & Security GRC Manager

About the TeamYou will join the dynamic Group Information Security team, operating as a vital second line of defence (2LoD) function. With a footprint in multiple global regions, the security team plays a pivotal role in identifying, assessing, mitigating, and monitoring technology and cyber risks, whether they originate from internal projects, existing systems, or external partnerships.Key ResponsibilitiesAs a Tech and Security GRC manager, your expertise is crucial for safeguarding our digital resilience and ensuring regulatory compliance, with a strong emphasis on technical risk assessment across cloud infrastructure and diverse initiatives.Effectively work with cross-functional teams to drive security compliance with local IT regulatory expectations by understanding the regulatory requirements and establishing policies and processes. (e.g., ISO 27001, NIST CSF, SOC 2, and MAS TRM) and best practices.Manage audit and regulatory reviews, including coordination, communication, and required actions with internal auditors, external auditors, regulators, and internal stakeholders as appropriate.Engage with the group Product and R&D teams to proactively identify risks at a detailed and technical level, design and implement technical risk mitigation measures.Proactively track and monitor the implementation of agreed-upon technology and cyber risk mitigation measures and conduct effectiveness reviews to ensure risk reduction to acceptable levels.Any other tasks as allocated by your direct line manager.RequirementsBachelor’s degree in computer science, information security, data privacy, or a related field.Minimum 5 years of experience in technology compliance, security assurance, or related fields.Well-versed with industry regulations and compliance, such as: MAS TRMG and Cyber Hygiene, ISO27001, SOC2, NIST, PCI, PDPA/GDPR, etc.Demonstrates ability to lead and manage projects across multiple teams or groups, including documenting milestones and proactively providing updates to leaders/stakeholders.Experience working in a matrix model as a Group IS team member to support a multi-region business team with security and technology issues, serving as a tech & security business partner (BP).Ability to communicate clearly and effectively on both technology/development issues/concerns to any stakeholders.Strong capability for running multiple tasks simultaneously, understanding priority, and delivery timeline. Comfortable with ambiguity and changes in a fast-paced environment。Bilingual in English and Mandarin to facilitate cross-border collaborations with stakeholders from China