Cyber Security Director

About Us

MetaComp Pte Ltd is a leading Singapore-based digital payment solution provider, licensed and regulated by the Monetary Authority of Singapore (MAS) as a Major Payment Institution, to provide Digital Payment Token Services and Cross-border Payment Transfers. Operating under a P2B2C (platform-to-business, partners-to-clients) model, MetaComp provides its clients with an integrated end-to-end suite of services, empowering them to confidently enter the digital asset market with much-needed safety, security, and compliance assurance. Together with its parent company, Metaverse Green Exchange Pte. Ltd. (a MAS-licensed CMS holder permitted to carry out, inter alia, brokerage and custody services), MetaComp introduces its suite of services through CAMP (Client Assets Management Platform) which allow businesses to develop and scale their digital asset offerings through various products and/or services such as over-the-counter transactions, fiat payments, digital asset custody and prime brokerage.

Brief summary of the role and its purpose:

Lead the security engineering, security operations, and technology risk functions. Define and execute the cyber defense strategy, ensuring all controls meet or exceed regulatory requirements (e.g., MAS TRM, HKMA Technology Risk, PDPA, GDPR). Drive compliance initiatives and certification programs, including SOC 2 and PCI DSS.

Key responsibilities

• Lead Security Architecture & Engineering: Define security reference architecture, IAM strategy, application and data security controls, and detection engineering standards across cloud and enterprise environments.
• Oversee Security Operations & Incident Response: Manage MDR services, threat intelligence, vulnerability management, and red/purple team exercises to strengthen detection and response capabilities.
• Drive Risk, Compliance & Governance: Maintain policy frameworks, ensure regulatory and industry compliance (MAS TRM, HKMA, PDPA, GDPR, ISO 27001, SOC 2, PCI-DSS), and manage audits and third-party risk.
• Set Strategy & Executive Reporting: Develop multi-year security roadmap, optimize tooling and vendor portfolio, secure resources, and deliver concise risk narratives and performance metrics to leadership.

Top 3 Required Qualifications (skills, experience, certifications):

• 12+ years in information security with 5+ years leading multi-disciplinary teams across security engineering, operations, and GRC.
• Proven experience in regulated financial services (banking, payments, fintech) with hands-on management of Tech Risk/Operational Resilience, and Data Privacy Compliance programs.
• Demonstrated success implementing Zero Trust, DevSecOps, cloud security (AWS/OCI), SIEM/EDR/SOAR, IAM/PAM, DLP, and data protection controls at scale.
• Strong incident leadership: complex investigations, crisis coordination, stakeholder communications, post-incident reviews with durable remediation.
• Good communication skills with the ability to translate technical risk into business outcomes; excellent communication and stakeholder management.

Preferred Qualifications (nice-to-have):

• CISSP, CISM/CCISO, CCSP
• ISO/IEC 27001 Lead Implementer/Lead Auditor
• SOC 2 program leadership experience
• PCI DSS (e.g., SAQ/QSA engagement experience; CDE scoping, segmentation)
• Certified Data Protection credentials (e.g., CIPP/E, CIPM)

We are committed to creating an inclusive workplace where every individual feels respected, valued, and empowered to contribute. We celebrate diversity in all its forms—background, ethnicity, gender, identity, orientation, experience, and thought—and believe it strengthens our culture and our work. We are proud to be an equal opportunity employer and do not discriminate on the basis of race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, or any other protected characteristic.