Lead or Senior Cybersecurity Governance Specialist

LMA Recruitment SG · www.lmarecruitment.com.sg

Location Singapore, Central Singapore, Singapore
Type Full time
Level Lead
Source Shazamme
Legal Security
As a Lead or Senior Cybersecurity Governance Specialist, you will be responsible for designing and governing enterprise-wide cybersecurity risk and governance frameworks. This role provides strategic leadership across security governance, risk management, and architecture assurance, ensuring that cybersecurity enables — rather than constrains — digital transformation.
Your mandate is to evolve governance, risk, and compliance (GRC) from a compliance-driven function into a risk-informed, decision-enabling discipline. You will establish frameworks that allow organisations to adopt new technologies with confidence, ensuring that security risk management is embedded across the full lifecycle of digital systems — from web and cloud platforms to critical Operational Technology (OT) environments.

Key Responsibilities

Enterprise Risk Governance & Management
  • Dynamic Risk Registers: Establish and oversee enterprise-level security risk registers, ensuring they function as living tools that reflect real-time threat conditions, system changes, and project risk posture.
  • Executive Risk Facilitation: Lead high-level risk discussions with senior management and technology leaders, translating complex technical exposures into clear business impact to support informed prioritisation and investment decisions.
  • Risk Analysis Frameworks: Design and implement consistent risk assessment methodologies that enable informed risk-taking for innovation, rather than defaulting to risk avoidance.
Threat Risk Assessment (TRA) & Standards
  • Standardised TRA Frameworks: Define and maintain enterprise-wide standards for conducting Threat Risk Assessments across cloud, web applications, enterprise IT, and OT / ICS environments.
  • Critical Asset Identification: Develop SOPs to guide teams in identifying crown-jewel assets and mapping comprehensive threat scenarios and attack paths.
  • Control Effectiveness Assurance: Establish common security configuration standards and ensure controls are technically effective in mitigating identified risks, not merely compliant with baseline requirements.
Zero Trust & Architecture Governance
  • Zero Trust Strategy: Lead the development of a Zero Trust roadmap, setting standards for identity-centric security, micro-segmentation, continuous verification, and modern access controls.
  • Architecture Advisory: Provide governance and risk input during the design of high-impact systems to ensure secure-by-design principles and alignment with enterprise standards.
  • Technology Evaluation: Assess and recommend security technologies that directly address identified risk scenarios, ensuring defensive capabilities remain effective against modern threat actors.
Supply Chain & Ecosystem Risk Management
  • Third-Party Risk Frameworks: Establish governance models for managing cybersecurity risks across vendors, service providers, and the software supply chain.
  • Dependency Risk Management: Define standards for assessing third-party cyber resilience and managing risks arising from software dependencies, including open-source components.
Audit Excellence & Systemic Improvement
  • Continuous Audit Readiness: Shift audit posture from reactive preparation to continuous compliance and operational readiness.
  • Root Cause Remediation: Oversee the closure of audit findings, ensuring remediation addresses underlying technical and process weaknesses rather than surface-level fixes.
  • Systemic Risk Analysis: Analyse audit outcomes and risk trends to identify systemic weaknesses and drive enterprise-wide improvements.
Stakeholder Engagement & Threat Intelligence
  • Risk Advocacy: Partner with senior stakeholders to promote a proactive, ownership-driven risk management culture.
  • Threat & Technology Foresight: Monitor evolving attacker tactics, techniques, and procedures (TTPs) and emerging technologies, periodically assessing the continued relevance of existing controls and governance frameworks.

Key Requirements

Experience
  • Professional Background: 10–12 years of experience in cybersecurity governance, information security risk management, or security architecture.
  • Domain Breadth: Proven experience managing risks across enterprise IT and cloud environments; exposure to OT / ICS environments is a strong advantage.
  • Regulatory & Standards Knowledge: Strong familiarity with government or regulated-industry security frameworks and international standards such as NIST and ISO/IEC 27001.
Technical Skills
  • Risk Methodologies: Strong command of risk assessment methodologies (e.g. TVRA) with the ability to translate technical vulnerabilities into business-level risk.
  • Security Architecture & Tooling: Broad technical understanding of Zero Trust Architecture components and cloud security technologies, including IAM, EDR, SIEM, CSPM, CWPP, CASB, firewalls, and secrets management.
  • Threat Mapping: Ability to map security controls to adversary behaviours using recognised frameworks to ensure meaningful defensive coverage.
  • Offensive Security Awareness: Solid understanding of offensive techniques and testing methodologies, enabling realistic assessment of control effectiveness.
  • Certifications: Professional certifications such as CISM, CRISC, CISSP, OSCP, or OSWE are highly preferred.
Soft Skills
  • Strategic Influence: Ability to educate and persuade senior executives on the value of robust cybersecurity governance and risk-informed decision-making.
  • Critical Analysis: Strong capability to look beyond checklist compliance to identify and remediate systemic weaknesses.
  • Continuous Learning: Demonstrated commitment to staying current with evolving technologies and threat landscapes.
  • Risk Translation: Exceptional ability to articulate complex technical issues — such as zero-day vulnerabilities or architectural weaknesses — in clear business and operational terms.

Company Reg No.: 201131609D | License No.: 24S2411 | Reg No: R21102223 | Goh Choon Mui
