Cyber GRC Specialist

InvestaX Overview

Tokenization SaaS

Tokenize your assets on top of our infrastructure: Our Tokenization SaaS platform is a software-as-a-service solution that enables the issuance, trading, and custody of real world assets. We have been granted a Capital Markets Services licence and Recognized Market Operator licence by the Monetary Authority of Singapore to deal in and operate an organised market for securities and real-world asset (RWA) tokens, respectively. Our service offers a one-stop solution for all your RWA needs, including seamless banking integration, thorough user verification with a KYC module, flexible OTC trading options, primary issuance services, cutting-edge blockchain technology, and smart contract deployment.

IX Swap Overview

IX Swap empowers you with access to a new and diverse range of private market investment opportunities via real world assets and tokenization. This includes real estate, startups, high-growth companies, and more unique investment opportunities. We deliver this through our RWA Exchange, IXS Launchpad (Crowdfunding), and Tokenization-as-a-Service All powered by blockchain and DeFi solutions such as AMMs, liquidity pools, and decentralized trading to ensure true liquidity.

Role Overview

The Cyber GRC Specialist (Governance, Risk & Compliance) will contribute to the high-level design of policies, standards, procedures and guidelines for our platforms and systems.

The goal is to assist in managing the overall governance framework, supporting compliance initiatives, and handling security and technology risks within the company's risk appetite.

The role requires a forward-thinking individual with the ability to speak with business and operational personnel regarding new and existing technologies and making recommendations when required.

Responsibilities

• Lead the design, implementation, and ongoing management of cyber risk management activities.

• Review, update and maintain the information security policies and procedures

• Serve as the subject matter expert in driving Governance, Risk, and Compliance (GRC) adoption within the technology space.

• Conduct and coordinate compliance and control assessment activities, ensuring alignment with regulatory requirements.

• Own the user awareness training and phishing campaigns within the organization.

• Own and establish a third party security review process within the organization.

• Work with the Security Engineer and other teams to execute the cyber strategy.

• Play a key role in internal reporting of technology and cyber risk to senior leadership.

Qualifications

• Bachelor's degree in computer science, information security, law, business or a related field.

• 3+ years of experience in similar capacity

• Strong understanding of information security principles and practices.

• Knowledge of at least two of the below information security frameworks and standards is a must:

  • NIST Cybersecurity Framework (CSF)

  • ISO 27001

  • COBIT

  • SOC 2 / AICPA TSC 2017

  • PCI DSS

• Hold at least one of the following credentials:

  • ISACA CISA (Certified Information Systems Auditor)

  • ISACA CISM (Certified Information Security Manager)

  • ISACA CRISC (Certified in Risk and Information Systems Control)

  • ISC CISSP (Certified Information Systems Security Professional)

  • ISC CCSP (Certified Cloud Security Professional)

  • ISACA CCAK (Certificate of Cloud Auditing Knowledge)

  • CSA CCSK (Certificate of Cloud Security Knowledge)

  • ISO 27001 Lead Auditor / Implementer

• Proven experience in developing Risk Management Frameworks

• Experience in a regulated environment is preferred.

• Exposure to MAS Technology Risk Management Guidelines is preferred

• Exposure to DevSecOps and Cloud Security is preferred

• Excellent problem-solving and analytical skills.

• Excellent written and verbal communication skills in English.