Job Description

As a Principal Engineer (GRC), you will execute and own day‑to‑day cybersecurity governance, risk and compliance activities across StarHub’s business units. You will ensure our digital assets and projects comply with internal security policies and Singapore telco regulatory obligations (e.g., IMDA, CSA, TCS, BCS, CCoPv2) while uplifting our detection and response capabilities. You will collaborate with internal teams, our MSSP, and external consultants to deliver security reviews, exercises, and remediation on time and to a high standard.

Accountabilities:

• Drive and lead the end-to-end lifecycle of information security governance & policy management.2. Drive and lead the cyber risk management and reporting.
• Drive and lead the 2nd line assurance & compliance monitoring.
• Drive 2nd line oversight and support for audit engagement with 1st line stakeholders.
• Drive security culture, advisory & stakeholder engagement
  
  

Responsibilities:

• Manage the development of Starhub Information Security policies and sub-policies for adoption
• Manage the Starhub Information Security policies and sub-policies compliance risk
• Manage the cyber risk oversight by evaluating the adequacy and effectiveness of risk management practices and controls implemented by 1st line (i.e. risk owner, control owner, control supervisor, control performers) of Starhub to ensure proper adherence to risk assessment processes.
• Manage the Starhub Information Security policies and sub-policies security/risk deviation process
• Manage the Starhub risk profile and maintain the Starhub risk register for IT Security / Cybersecurity risks relating to CII & Non-CII
• Develop and drive regular monitoring and reporting of Starhub key risk indicators for Cybersecurity
• Manage regular risk reporting and risk escalation to Senior Management or other relevant risk forums
• Manage Control & Compliance Framework through timely updates of industry standards and regulatory compliance requirements
• Perform 2nd line assurance review (e.g. control review/testing) on 1st line stakeholders to ensure adherence with Starhub policies and Sub-policies / Regulatory compliance requirements, provide actionable, recommendations, and engage stakeholders for implementation
• Provide timely communication / awareness to stakeholders on Starhub policies and sub-policies for implementation
• Provide advisory to stakeholders on Starhub Information Security policies and sub-policies requirement
• Conduct briefings and trainings on Cyber risk / Policy awareness (i.e. Cyber risk management process, Policy compliance, Emerging cyber risk/trend, Issues and Observations from 2nd line control review/testing, and audit related findings) to relevant stakeholders and to support the Starhub Cybersecurity Awareness Programme.
• Provide 2nd Line oversight and support throughout the audit engagement with 1st line stakeholders: ensuring readiness before the audit begins, facilitating fieldwork execution, and monitoring remediation of findings post-audit.
• Maintaining a tracker for audit findings (or audit issues registers) to monitor remediation progress, to ensure audit closure issues, to support the scoping for 2nd line assurance review.