AVP, IT Security

About Hong Leong Finance

Hong Leong Finance is Singapore's largest finance company and a member of the Hong Leong Group. With over 60 years of financial services experience, we serve both consumers and SMEs through 28 branches and 12 SME Centres across the island.

We are looking for a driven IT Security Professional to join our organization.

About the role

The role will be responsible for designing, implementing, and maintaining robust cybersecurity measures as part of the IT Security team to provide cyber assurance and safeguard the organization's systems, applications, and data. This role requires a proactive approach to identifying and mitigating risks, ensuring compliance with security standards, and embedding security into every stage of technology lifecycle. You will act as a trusted advisor to the wider IT teams, promoting security awareness and best practices across the organization. The key responsibilities of the Security Analyst include:

Governance Framework Management

• Develop and maintain cybersecurity governance framework aligned with MAS TRM Guidelines; enforce security policies and standards.

Risk Management & Assessment

• Lead security risk assessments, maintain cyber risk register, and coordinate VAPT and threat modeling activities.

Regulatory & Compliance Management

• Ensure compliance with MAS TRM, PDPA, and CSA directives; coordinate audits and track remediation.

Security Policy & Standards Development

• Draft and update security policies; drive policy awareness and adoption across business units.

Third-Party Risk Management

• Manage vendor security assessments and monitor third-party compliance.

Security Awareness & Training

• Promote security-first culture and conduct secure-by-design training for the IT Department.

Metrics, Reporting & Dashboards

• Track KRIs and security KPIs and prepare executive-level GRC reports.

Incident Management Support

• Support incident response and maintain documentation for audit purposes.

Stakeholder Engagement

• Act as trusted security advisor and embed security into technology projects.

Qualifications & Skills:

• Bachelor's degree in Computer Science, Information Security, or related field.
• 7+ years of experience in cybersecurity roles (security engineering, operations, or architecture).
• Strong knowledge of security frameworks (ISO 27001, NIST, CIS).
• Hands-on experience with vulnerability management, SIEM, EDR, and DLP solutions.
• Familiarity with secure-by-design principles.
• Excellent analytical and problem-solving skills.
• Relevant certifications (e.g., CEH, CISSP, OSCP, CISM) are a plus.
• Strong communication and collaboration skills.
• Proactive mindset with attention to detail.

The successful candidate can expect a competitive package that includes an attractive basic salary, annual bonus and variable bonus. Please submit your detailed resume, including expected salary and contact number.

(We regret that only short-listed candidates will be notified)