Introduction
At IBM, work is more than a job — it's a calling: to build, to innovate, to collaborate, and to solve some of the world's most complex security challenges. The Office of the Chief Information Security Officer (CISO) is responsible for protecting IBM's global information assets and ensuring resilience against evolving cyber threats.
We are looking for an experienced and highly motivated
Cybersecurity CSIRT Manager, based in
Singapore, to lead a critical cyber defense capability. This role requires strong leadership, deep incident response expertise, and the ability to remain calm and decisive in high‑pressure situations while working with senior stakeholders across the business.
Your Role And Responsibilities
The
Cybersecurity CSIRT Manager role is based in
Singapore.
The Computer Security Incident Response Team (CSIRT) is responsible for managing cybersecurity incidents end‑to‑end, leading investigations, coordinating response activities, and reducing business impact from cyber threats.
As a CSIRT Manager, you lead and oversee the enterprise incident response function. You are accountable for incident handling from intake through triage, investigation, containment, eradication, recovery, and closure. You act as the incident commander for major and high‑severity security events and provide clear, timely communication to technical teams, business stakeholders, and executive leadership.
You work closely with global teams across the organization, including SOC, Threat Intelligence, Digital Forensics, IT, Legal, Privacy, Communications, and Business Units, to ensure incidents are handled in a timely, professional, and compliant manner. You conduct and lead incident calls, executive briefings, post‑incident reviews, and drive continuous improvement of response capabilities.
In this role, you also define and maintain CSIRT standards, playbooks, and procedures; oversee quality assurance of incident handling; track and report incident metrics and trends; and ensure lessons learned are translated into meaningful security improvements.
Preferred Education
Bachelor's Degree
Required Technical And Professional Expertise
- Extensive experience in cybersecurity incident response, including leadership of enterprise‑scale security incidents
- Strong understanding of incident response frameworks, standards, and best practices
- Proven ability to manage incidents end‑to‑end, including triage, investigation, containment, remediation, recovery, and post‑incident review
- Experience coordinating response efforts across technical teams, business stakeholders, and executive leadership
- Deep knowledge of common security threats, attack vectors, and adversary techniques
- Strong oral and written communication skills in English, with the ability to communicate effectively with both technical and non‑technical audiences
- Demonstrated leadership and people‑management experience, including coaching and developing incident response professionals
- Ability to make sound decisions under pressure and manage multiple concurrent incidents
- High level of integrity, professionalism, and discretion when handling sensitive information
- Due to Business Reason, only Singapore citizens or permanent residents are eligible to apply.
Preferred Technical And Professional Experience
- 10+ years of cybersecurity experience, with 5+ years in incident response and people leadership roles
- Experience working in a global enterprise environment
- Experience with digital forensics and evidence handling
- Familiarity with incident response tooling and case management platforms (e.g., SOAR or similar)
- Bachelor's degree in Computer Science, Cybersecurity, Engineering, Information Systems, or equivalent experience
- One or more professional security certifications such as CISSP, CISM, GCIH, GCFA, GCED, or CISA
- Additional language skills beyond English are a plus
