AVP, Information Security

Singlife is a leading homegrown financial services company, offering consumers a better way to financial freedom. Through innovative, technology-enabled solutions and a wide range of products and services, Singlife provides consumers coantrol over their financial wellbeing at every stage of their lives.

In addition to a comprehensive suite of insurance plans, employee benefits, partnerships with financial adviser channels and bancassurance, Singlife offers investment and advisory solutions through its GROW with Singlife platform. It also offers the Singlife Account, a mobile-first insurance savings plan.

Singlife is the exclusive insurance provider for the Ministry of Defence, Ministry of Home Affairs and Public Officers Group Insurance Scheme. Singlife is also an official signatory of the United Nations Principles for Sustainable Insurance and the United Nations-supported Principles for Responsible Investment, affirming its commitment to finding a better way to sustainability.

The merger of Aviva Singapore and Singlife was announced in September 2020 and created one of the largest homegrown financial services companies in Singapore in a deal valued at S$3.2 billion. It was the largest insurance deal in Singapore at the time. Singlife was subsequently acquired by Sumitomo Life in March 2024, one of Japan's leading life insurers, which valued Singlife at S$4.6 billion, making the transaction one of the largest insurance deals in Southeast Asia.

Purpose:

The Vulnerability Management & Penetration Testing Lead is responsible for developing & running Singlife internal Vulnerability Management & Penetration Testing program and capabilities to support Singlife business, security & integrity of the IT operations.

She/He will lead and manage a team to identify & employ risk-based vulnerability management methodologies, developing standards & procedures for a distributed environment and to champion program improvements that meets the needs of business & security requirements.

Responsibilities:

. Build internal Vulnerability Management & Penetration Testing (VMPT) program & capabilities within the organization.

. Develop and refine policies, processes & procedures for vulnerability management, penetration testing, communication and reporting.

. Manage internal VMPT program and relationships with external VMPT vendors and other external stakeholders in Singlife.

. Build & Lead security review & monitoring of production environments in hybrid infrastructure.

. Lead identification of gaps in RBVM processes & procedures and drive improvements

. Lead identification of gaps in adjacent processes & procedures and drive improvements from a RBVM perspective.

. Lead triage and management of vulnerabilities effectively and efficiently together with other internal teams.

. Produce quality oral & written work products, presenting complex technical matters & findings clearly & concisely Consult with and take direction from supervisors and other cybersecurity team members regarding vulnerability management and penetration testing status and findings

. Mentor and guide technical development of more junior VMPT staff and colleagues

. Research, develop & recommend hardware and software tooling required for effective risk-based vulnerability management

. Ability to interact with a broad cross-section of personnel to explain and enforce security measures. Extensive experience in information security and/or IT risk management with a focus on security, performance and reliability.

. Ensure compliance with all applicable laws and regulations relating to the above functional activities.

. Operation for compliance with governance against security baseline with tool.

Experience

. Preferable to have 7+ years of relevant experience Strong Knowledge in Risk-based Vulnerability Management Demonstrated ability to lead, with project and team-building skills, including the ability to lead teams and drive projects and initiatives in multiple departments.

. Experience and ability to identify risks associated with business processes, operations, information security programs and technology projects.

. Able to communicate with diverse audiences, both technical and non-technical, to achieve consensus with regards to risk-based vulnerability management.

. Experience with optimization of processes

. Experience with automation of processes and process workflow using ITSM tools.

. Experience in log configuration, formats and feeding of logs into SIEM platforms

. Experience in intrusion analysis and incident handling.

. Working experience with vulnerability management and security engineering in a high tempo SOC or Cyber Fusion Centre Environment.

. Leadership experience in a high tempo SOC or Cyber Fusion Centre Environment.

. Good track record in leading and mentoring a team.

. Some knowledge in programming in the use of Python, C++, Java, Ruby, Node, Go and/or PowerShell.

. Have experience with Qualys/Prisma Cloud.

Education

. Academic: Bachelor's degree in Computer Science / Information Technology(preferred)

. Professional Certification(s): SANS, CISA, CISM, CISSP, Vendor Certifications (preferred / willing to get certified in 1 year)