About the job Cyber GRC Specialist
InvestaX Overview:
Tokenization SaaS
Tokenize your assets on top of our infrastructure: Our Tokenization SaaS platform is a software-as-a-service solution that enables the issuance, trading, and custody of security tokens for private market assets. We have been granted a Capital Markets Services license and Recognized Market Operator license by the Monetary Authority of Singapore to deal in and operate an organized market for securities, respectively. Our service offers a one-stop solution for all your security token needs, including seamless banking integration, thorough user verification with a KYC module, flexible OTC trading options, primary issuance services, cutting-edge blockchain technology, and smart contract deployment.
IX Swap Overview:
IX Swap empowers you with access to a new and diverse range of private market investment opportunities via security tokens and tokenization. This includes real estate, startups, high-growth companies, and more unique investment opportunities. We deliver this through our Security Token Exchange, IXS Launchpad (Crowdfunding), Tokenization-as-a-Service, and Fractionalized-NFTs platform. All powered by blockchain and DeFi solutions such as AMMs, liquidity pools, and decentralized trading to ensure true liquidity
Role Overview:
The Cyber GRC Specialist (Governance, Risk & Compliance) will contribute to the high-level design of policies, standards, procedures and guidelines for our platforms and systems.
The goal is to assist in managing the overall governance framework, supporting compliance initiatives, and handling security and technology risks within the company's risk appetite.
The role requires a forward-thinking individual with the ability to speak with business and operational personnel regarding new and existing technologies and making recommendations when required.
Responsibilities:
Lead the design, implementation, and ongoing management of cyber risk management activities.
Review, update and maintain the information security policies and procedures
Serve as the subject matter expert in driving Governance, Risk, and Compliance (GRC) adoption within the technology space.
Conduct and coordinate compliance and control assessment activities, ensuring alignment with regulatory requirements.
Own the user awareness training and phishing campaigns within the organization.
Own and establish a third party security review process within the organization.
Work with the Security Engineer and other teams to execute the cyber strategy.
Play a key role in internal reporting of technology and cyber risk to senior leadership.
Qualifications:
Bachelor's degree in computer science, information security, law, business or a related field.
3+ years of experience in similar capacity
Strong understanding of information security principles and practices.
- Knowledge of at least two of the below information security frameworks and standards is a must:
NIST Cybersecurity Framework (CSF)
ISO 27001
COBIT
SOC 2 / AICPA TSC 2017
PCI DSS
- Hold at least one of the following credentials:
ISACA CISA (Certified Information Systems Auditor)
ISACA CISM (Certified Information Security Manager)
ISACA CRISC (Certified in Risk and Information Systems Control)
ISC CISSP (Certified Information Systems Security Professional)
ISC CCSP (Certified Cloud Security Professional)
ISACA CCAK (Certificate of Cloud Auditing Knowledge)
CSA CCSK (Certificate of Cloud Security Knowledge)
ISO 27001 Lead Auditor / Implementer
Proven experience in developing Risk Management Frameworks
Experience in a regulated environment is preferred.
Exposure to MAS Technology Risk Management Guidelines is preferred
Exposure to DevSecOps and Cloud Security is preferred
Excellent problem-solving and analytical skills.
Excellent written and verbal communication skills in English.