IT Security GRC Analyst

Date: 7 May 2025

Location: Braddell, SG

Company: Network For Electronic Transfers (S)

BCS is NETS’ wholly owned subsidiary, and is an entity within the NETS Group. It manages and operates clearing and payment infrastructure for the Singapore Automated Clearing House, including Fast And Secure Transfers (FAST), Inter-bank GIRO (IBG), Cheque Truncation System (CTS), and provides services for PayNow and SGQR Central Repository.

Team and Position Summary

The IT Security Team at BCS ensures the security, availability and resilience of BCS systems, protecting data and mitigating emerging cyber threats in alignment with regulatory requirements.

The IT Security Governance, Risk, and Compliance (GRC) unit is a key function within IT Security, responsible for driving cybersecurity governance, overseeing cybersecurity risk assessments, managing audits, and ensuring robust security compliance monitoring across BCS.

The IT Security GRC Analyst reports directly to the Security GRC Lead and serves as a subject matter expert in cybersecurity technologies and governance. The role is responsible for carrying out proactive oversight and monitoring of BCS’ compliance with the IT Security policies and standards.

Key Responsibilities

Governance & Compliance

  • Develop, implement, and maintain security policies, procedures, and standards in line with industry best practices (ISO 27001, NIST, CIS, etc.).
  • Ensure compliance with regulatory requirements (MAS TRMG, CCoP).
  • Assist in internal audits and security assessments to identify gaps and recommend corrective actions.
  • Support third-party risk assessments and vendor security compliance.

Risk Management

  • Conduct risk assessments and identify potential security threats, vulnerabilities, and mitigation strategies.
  • Develop and maintain a security risk register, tracking risk treatment plans and progress.
  • Monitor emerging security threats and ensure proactive risk management strategies.
  • Assist in business continuity and disaster recovery planning related to security risks.

Security Awareness & Training

  • Develop and deliver security awareness training programs for employees.
  • Promote a culture of security by advising stakeholders on best practices.

Requirements

Education and Experience

  • Bachelor’s in Computer Science, Computer Engineering, Information Security, or related fields.
  • Minimum of 4 years in security governance, risk, or compliance management, preferably within the financial services or payment systems industry.

Skills and Knowledge

  • Strong understanding of and familiarity with regulatory requirements such as MAS Notice on TRM, MAS Notice on Cyber Hygiene, MAS Technology Risk Management Guidelines, MAS Outsourcing Guidelines and the Cybersecurity Code of Practice is preferred
  • Good knowledge of industry security frameworks such as the NIST Cybersecurity Framework
  • Strong problem-solving and analytical skills with a keen eye for detail
  • Excellent communication and stakeholder management skills
  • Working experience in a highly regulated environment would be advantageous

Professional Certifications

  • Preferred certifications include Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), or any relevant certification in governance, risk, and compliance.

Banking Computer Services Pte Ltd (a subsidiary of Network for Electronic Transfers (Singapore) Pte Ltd)