Director, Cyber Gov, Risk and Compliance

An empowering career at Singtel begins with a Hello. Our purpose to Empower Every Generation connects people to the possibilities they need to excel. Every hello at Singtel opens doors to new initiatives growth and BIG possibilities that takes your career to new heights. So when you say hello to us you are really empowered to sayHello BIG Possibilities.

Looking for an opportunity to elevate your career Our internal mobility program is just what you need!

In Singtel Group we strongly believe that our employees are our most valuable assets and are committed to creating a culture that supports your professional growth. By exploring new job opportunities within the company you can expand your skill sets gain exposure to different areas of the business and build a diverse and fulfilling career.

If you are keen to explore this position or would like to refer a friend please apply with an updated resume attached. Should you have any questions or concerns please do not hesitate to reach out to the Talent Acquisition Manager in charge.

Be a Part of Something BIG!

Reporting to the Group Chief Information Security Officer (GCISO) the Group Cyber Governance Risk & Compliance (GRC) Director is a senior Group-level leadership role accountable for setting maintaining and enforcing Singtel Groups cyber security policies standards and compliance posture. The role owns the Group cyber policy framework control standards and assurance mechanisms that ensure cybersecurity risks are consistently identified assessed managed and reported across all Operating Companies and Associates.

Working closely with OpCo risk and security leaders the role defines Group-wide cyber governance requirements including policies minimum control standards and risk acceptance principles. These policy guardrails establish clear expectations for due care regulatory compliance and secure-by-default outcomes while allowing measured flexibility for local operating contexts.

As a policy authority and trusted governance advisor the Group GRC Director provides independent oversight and challenge on major initiatives and material risk decisions. The role ensures that cybersecurity risks are formally assessed against Group policies and standards that policy exceptions are governed through defined approval processes and that residual risks are transparently escalated and accepted at the appropriate level.

This position requires strong risk judgement regulatory insight and executive influence with the ability to translate complex technical and cyber risks into clear policy positions compliance outcomes and Board-level risk narratives. The role bridges business technology and security by embedding disciplined policy governance compliance assurance and accountability into the Groups operating model.

Make an Impact by

Governance Policy & Standards

• Act as the Group owner and governing authority for Singtel Group Cyber Security Policies Standards and Control Libraries ensuring consistent application resilience and enforceability across all OpCos and Associates.
• Establish maintain and evolve Group-wide minimum cybersecurity requirements including approval of material policy updates standards enhancements and control baselines.
• Continuously assess Singtel Group Cyber Security Policies and Standards against industry best practices and regulatory expectations (e.g. ISO/IEC NIST CIS Controls GSMA) ensuring safeguards remain effective against the evolving threat landscape.
• Own and govern the policy exception and risk acceptance process including escalation thresholds decision authorities and documentation of residual risk.
• Drive security culture and controls adoption through structured stakeholder engagement training and enablement across the Group.

Controls Risk Framework & Risk Visibility

• Define and own the Group Cybersecurity Controls and Risk Framework including methodologies to assess inherent risk control effectiveness control maturity and residual risk across cyber domains.
• Develop and maintain controls risk metrics KRIs and gap indicators to provide consistent risk-based visibility of cybersecurity posture across Singtel Group.
• Translate controls and compliance outcomes into executive- and Board-level insights supporting prioritisation remediation planning and informed risk decisions.

Compliance Assurance Automation & Continuous Monitoring

• Own the Group Compliance Assurance Framework defining how compliance with Group Cyber Security Policies and Standards is assessed validated and reported across OpCos and Associates.
• Lead the transition from point-in-time assessments to continuous controls assurance leveraging technology to provide near-real-time visibility of controls effectiveness and cyber resilience.
• Establish and execute a Group-wide digital GRC platform strategy as the single source of truth for governance risk management compliance exceptions and audit evidence.
• Drive the adoption of automation and agentic AI to scale compliance assessments evidence collection and controls monitoring while maintaining auditability traceability and regulator confidence.

Business Regulatory & Cyber Leadership

• Serve as the Group authority on cyber governance and risk providing trusted advisory and challenge to senior management and Boards on cybersecurity risk posture and material exposures.
• Maintain awareness of emerging cyber threats technologies (e.g. AI quantum) and regulatory developments translating these into risk-aligned governance and control enhancements.
• Act as a key interface with auditors and external assessors on matters related to cyber governance compliance and assurance.
• Provide thought leadership and effective stakeholder engagement balancing business enablement with risk discipline and regulatory expectations across the Group.

Budget & Resource Stewardship

• Assist in planning and managing budgets for GRC programs.
• Recommend resource allocation strategies to optimize cost scale and talent effectiveness.

Stakeholder Engagement & Influence

• Lead and contribute to cross-functional governance
• Collaborate with GRC leads across OpCos to align on Group cyber governance requirements policy interpretation risk assessment approaches and compliance expectations including the treatment of emerging technologies and new risk paradigms.
• Engage internal stakeholders across business technology and risk functions to ensure cybersecurity governance risk posture and compliance priorities are aligned with enterprise objectives and risk appetite.
• Drive Group-wide alignment and awareness of cyber risk and compliance priorities promoting consistent understanding of policies standards and risk responsibilities across all Operating Companies and Associates.

Skills for Success

• Bachelors degree in computer science Information Technology Cybersecurity or a related field.
• At least 10 years of experience in cybersecurity technology risk or GRC roles with demonstrated experience operating in Group-level regional or multi-entity environments overseeing policy risk and compliance across complex organisations.
• Demonstrated experience leading and governing large-scale cybersecurity or technology risk initiatives including setting Group standards driving compliance programmes managing material risk issues and engaging senior executives and Boards.
• Deep expertise in cybersecurity governance risk management and control frameworks including NIST CSF ISO/IEC 27001/27002 CIS Controls and risk-based control models with the ability to set interpret and enforce Group-wide policy and control standards.
• Strong understanding of telco cloud and enterprise IT operating environments including cloud platforms identity and access management data protection and network security to enable informed risk-based policy decisions and governance oversight of emerging technologies (e.g. AI and quantum).
• Proven ability to translate complex technical and cyber risks into clear governance positions executive briefings and Board-level risk narratives that support informed decision-making and risk acceptance.
• Professional certifications preferred: CISSP CISM CRISC CCSP or equivalent credentials supporting senior leadership in governance risk and compliance.
• Demonstrated awareness of emerging cyber threats regulatory developments and evolving risk paradigms with the ability to anticipate impacts to Group policy controls and assurance approaches.

Leadership and Collaboration:

• Exceptional leadership collaboration and team management skills.
• Ability to work effectively with diverse stakeholders including subsidiaries in a conglomerate or multi-subsidiary environment.
• Strong analytical decision-making and problem-solving skills especially in dynamic and high-pressure situations.

Rewards that Go Beyond

• Flexible work arrangements
• Full suite of health and wellness benefits
• Ongoing training and development programs
• Internal mobility opportunities

Are you ready to say hello to BIG Possibilities

Take the leap with Singtel to unlock new opportunities and accelerate your growth. Apply now and start your empowering career!

We are committed to a safe and healthy environment for our employees & customers and will require all prospective employees to be fully vaccinated.