GRC Specialist

PropertyGuru is Southeast Asia's leading PropTech company, and the preferred destination for over 32 million property seekers monthly to connect with over 50,000 agents monthly to find their dream home. PropertyGuru empowers property seekers with more than 2.1 million real estate listings, in-depth insights, and solutions that enable them to make confident property decisions across Singapore, Malaysia, Thailand and Vietnam.

 was launched in Singapore in 2007 and since then, PropertyGuru Group has made the property journey a transparent one for property seekers in Southeast Asia. In the last 18 years, PropertyGuru has grown into a high-growth PropTech company with a robust portfolio including leading property marketplaces and award-winning mobile apps across its markets in Singapore, Malaysia, Vietnam, Thailand as well as the region's biggest and most respected industry recognition platform – PropertyGuru Asia Property Awards, events and publications across Asia.

For more information, please visit: ; PropertyGuru Group on LinkedIn.

At PropertyGuru, we strive to "Build Southeast Asia's Trust Platform" and security is at the centre of building that trust with our customers, agents, and partners across Singapore, Vietnam, Malaysia, Thailand & India.

The GRC Specialist plays a critical role in managing Governance, Risk, and Compliance functions across PropertyGuru. The role involves assessing and mitigating technology and third-party risks, embedding risk management practices into business processes, and ensuring alignment with regulatory and industry frameworks. The specialist will collaborate with compliance, data protection, and security stakeholders while leveraging automation and dashboards to provide clear visibility of the organization's risk and compliance posture.

RESPONSIBILITIES

Governance & Policy Management

• Develop, maintain, and publish up-to-date information security policies, standards, and guidelines.
• Ensure alignment with industry best practices and oversee approvals, exceptions, and dissemination of security policies.
• Support audits, regulatory reviews, and certification initiatives (ISO 27001, SOC2, PCI DSS, etc.).

​Risk Management (Technology & Third-Party)  

• Identify, assess, and prioritize risks to PropertyGuru's information assets, systems, and data.
• Perform Business Impact Analysis (BIA) and Privacy Impact Assessments (PIA) to evaluate risk exposure.
• Collaborate with business units to implement effective mitigation strategies.
• Conduct onboarding diligence and manage ongoing third-party security risks.
• Automate risk lifecycle management (acceptance, follow-ups, closure) and build dashboards to visualize risk posture.
• Evaluate risks associated with emerging technologies such as AI/ML, GenAI, and LLMs, and establish governance frameworks to address AI model risk, bias, and ethical considerations

Compliance & Privacy  

• Ensure adherence to common standards and regulations: ISO/IEC 27001, NIST CSF, NIST 800-53, SOC2, PCI DSS, SOX ITGC, GDPR, and Singapore PDPA.
• Perform PIA reviews for data processing activities involving PII and recommend mitigation controls.
• Partner with Data Protection lead and Compliance Leads to strengthen insider threat monitoring, reporting, and automated dashboards.
• Support compliance with emerging AI regulations and standards, ensuring responsible AI governance practices  

Incident Response & Awareness

• Respond to security and privacy incidents: containment, investigation, and remediation coordination.
• Build and drive awareness programs, publish training mailers, and automate the tracking of annual training completion.
• Foster a Security First culture across the enterprise.

Automation & Reporting

• Build dashboards (Power BI or via scripting/automation) to provide real-time views of risk, compliance status, and metrics (e.g., risks approved, pending, overdue).
• Automate reporting for insider threat events, regulatory compliance tracking, and risk acceptance workflows.
• Provide concise reporting to management on key risks, compliance posture, and emerging issues.

Collaboration & Stakeholder Engagement

• Work closely with Compliance Lead, Lead Data Protection, Legal, Cyber Defence, and Infrastructure teams.
• Engage business unit leaders to embed risk awareness into processes.
• Support continuous improvement of governance and compliance practices through collaboration and knowledge sharing.

WHO YOU ARE - QUALIFICATIONS

• 6–8 years of hands-on experience in managing Governance, Risk, and Compliance projects.
• Demonstrated knowledge of security, compliance, and privacy frameworks: ISO/IEC 27001, NIST CSF, NIST 800-53, SOX ITGC, SOC2, PCI-DSS, Singapore PDPA, GDPR.
• Strong understanding of data privacy principles and evolving global privacy laws.
• Awareness of AI-related risks, regulatory frameworks, and governance practices (e.g., EU AI Act, NIST AI RMF)
• Practical experience with Business Impact Analysis, Privacy Impact Assessments, and Third-Party Risk Management.
• Hands-on knowledge of cloud-native applications and cloud infrastructure security (AWS, GCP).
• Additional certifications preferred: CISM, CISA, CISSP.
   

SKILLS & PERSONAL ATTRIBUTES

• Proficiency in automation tools, Power BI, or scripting for dashboards and reporting.
• Knowledge of AI risk management, ethical AI principles, and ability to assess emerging risks from automation, GenAI, and AI-enabled platforms
• Excellent documentation, presentation, and collaboration skills.
• Strong verbal and written communication, able to articulate complex topics clearly and concisely.
• Analytical mindset with strong problem-solving skills and attention to detail.
• Ability to influence stakeholders, drive compliance initiatives, and foster a culture of accountability.
• Proactive, adaptable, and motivated to continuously improve GRC maturity.

Our commitment to you:

• Hybrid flexible working that focuses on outcomes over hours.

• Holistic rewards package covering your financial, physical & mental health.

• Multi-directional career development across all levels.

• Inclusive benefits like equal paternity leave, supporting all employees in work-life balance.