Cyber GRC Consultant (Consultant - HKG)

Job Overview

Ensign InfoSecurity is the largest pure-play end-to-end cybersecurity service provider in Asia.  Headquartered in Singapore, Ensign offers bespoke solutions and services to address their clients’ cybersecurity needs.  Our core competencies are in the provision of cybersecurity advisory and assurance services, architecture design and systems integration services, and managed security services for advanced threat detection, threat hunting, and incident response.

The candidate will work under Ensign Advisory, we draw on our vast experience in cyber security and risk management and our insights into the tactics, techniques and procedures used by threat actors to help you anticipate threats, disrupt attacks and respond decisively.  Ensign offers strategic advisory and consultancy services to enable our client’s organisation – from the leadership team to security operations – with a ‘shift left’ mentality to proactively combat emerging threats. 

Duties and Responsibilities

• Lead standard, and support complex, cyber security projects in the Governance, Risk and Compliance domain.
• Perform technology risk assessments, assess the effectiveness of processes/controls and make recommendations to improve the technology control environment.
• Perform maturity assessments using the NIST Cybersecurity Framework (CSF) to identify and address gaps in security practices.
• Perform pre-assessments to ensure compliance with Multi-Level Protection Scheme (MLPS) requirements and guide remediation efforts.
• Conduct ISO 27001 gap analysis and audits to identify non-compliance areas and recommend corrective actions.
• Design and facilitate tabletop exercises to simulate security incidents for senior executives.
• Support in the development of privacy-related services, including client engagement and commercial frameworks.
• Prepare and present high-quality reports detailing security issues, making recommendations, and identifying solutions
• Support pre-sales processes and working with the Business Development team to win new deals.

Requirements

• Degree in information security, computer science or related field
• At least 4 years of information security exposure
• Good working knowledge of relevant standards, security frameworks and regulations (ISO27001, NIST, GDPR, CSL, MLPS, GL20, PDPO, PIPL)
• Excellent written and verbal communication skills
• Broad knowledge across multiple technical domains and willing to learn
• Confident and assured presentation skills – at ease with senior stakeholder engagement

Preferred Skills /Qualities

• Good communication/presentation skills
• Continuous learning: ability to stay up to date with the latest security trends, techniques, and tools.
• Able to work collaboratively and independently
• Knowledge of security regulations and standards such as NIST Cybersecurity Framework and ISO 27001.
• Industry certifications such as CISSP/CISM/CRISC highly preferred