01
Translate requirements into action
Take frameworks, controls, and policy language and turn them into something teams can run with.
Teo Liang Wei | Singapore GRC, ISO 27001, technology risk, and IT compliance
Teo Liang Wei helps teams turn policy into practice.
I work across security, compliance, and technology risk with a bias toward operational clarity. I am comfortable leading from inside an organisation or supporting from the outside in an advisory capacity, helping teams build stronger controls, better habits, and calmer execution without losing the human side of how organisations actually operate.
- Flexible across in-house leadership and advisory work
- Across banking, technology, crypto, and audit
- CISA and ISO 27001 internal auditor
About
From tech curiosity to practical GRC.
I did not set out expecting to build a career in GRC. I studied Mathematics and Economics, was curious about technology and data, and gradually found myself drawn to the work of making systems understandable, governable, and resilient.
Over time, that turned into a professional edge: I am most useful when I can bridge policy and practice. I enjoy working with engineering, security, operations, and leadership to turn controls into habits, audits into progress, and risk into something teams can actually act on.
I am versatile about how that value gets applied. In some cases that means leading from within as a senior risk, controls, or security governance owner. In others, it means stepping in to help an organisation navigate a focused assignment such as ISO 27001 implementation, audit readiness, remediation planning, or control uplift. I care about doing solid work, communicating clearly, and helping organisations build systems that are both compliant and practical.
02
Build trust across functions
Work comfortably between engineers, security teams, auditors, and business stakeholders.
03
Keep it practical
Good governance should strengthen execution, not become ceremony for its own sake.
Experience
A path across audits, fast-moving tech, and regulated environments.
AVP, Risk & Control Specialist, Application, Group Technology
Working close to technology risk and control in a large banking environment where clarity, structure, and execution discipline matter.
Technology Risk & Internal Control Manager
Led ISO 27001 implementation, worked across DevOps, Security, IT, and Engineering, and supported privacy and business continuity efforts.
Information Security Certification and Assurance Analyst
Ran certification and assurance work spanning CBPR, CSA Cyber Trust Mark, ISO frameworks, privacy, and BCM in a high-growth environment.
IT audit, security compliance, and risk foundations
Built my grounding in audits, controls, risk assessments, security baselines, and the discipline of understanding how systems really operate.
Focus
The kind of work I want to be known for in Singapore and beyond.
01 / Leadership
Senior technology risk and control leadership
Leading risk, control, and compliance programs in a way that helps organisations stay credible, well-run, and execution-minded.
02 / ISO 27001
ISO 27001 implementation and audit readiness
Helping teams prepare for ISO 27001, strengthen documentation, improve evidence quality, and move toward audit compliance with less chaos.
03 / Advisory
Bridging business, control, and technical teams
Turning dense requirements into language and action plans that engineers, operators, auditors, and leaders can all align on, whether the need is in-house ownership or targeted advisory support.
Credentials
What supports the work.
CISA
ISO 27001:2022 Internal Auditor
CBPR and Cyber Trust Mark exposure
BCM lifecycle work
Privacy and data protection
Stakeholder management
IT audit foundations
Process and control design
Positioning
The message I want this site to carry.
- I can speak to both control expectations and operational reality.
- I bring credibility from financial services, technology, and audit-heavy environments.
- I can lead from the inside or help from the outside, depending on what the organisation needs.
Search Intent
For organisations looking for ISO 27001, audit readiness, or senior IT compliance support.
01 / Singapore
Singapore IT compliance and technology risk support
Support across governance, risk, controls, policy, evidence, and cross-functional alignment for organisations operating in Singapore.
02 / Audit
Audit compliance, remediation, and control uplift
Useful when an organisation needs to prepare for audits, respond to findings, improve documentation quality, or tighten control ownership.
03 / ISO
ISO 27001 readiness and operating discipline
Especially relevant for teams that need help moving from intent to execution on ISO 27001, internal audits, and practical control adoption.
Connect
If something here resonates, reach out.
I’m open to thoughtful conversations about senior in-house roles, advisory work, ISO 27001 assignments, audit readiness, technology risk, and the systems that make organisations more trustworthy and better run.