Based in Singapore, this role owns global security operations and compliance, covering incident response, cloud and vulnerability security, and ISO 27001 governance, while partnering closingly with internal teams and customers to support audits, RFPs, and security initiatives across regions.
What will you do
Security Operations
- Monitor security alerts daily and manage the security incident queue (triage, response coordination, escalation, closure)
- Security alert monitoring and incident response across all locations and environments
- Vulnerability scanning and remediation across endpoints, servers, networks, and applications
- Cloud security posture management (AWS/Azure and Chinese equivalents)
- Security tooling management (SIEM, endpoint protection/EDR, email security, vulnerability scanning, WAF)
- Identify and access management oversight (SSO, MFA, privileged access, joiner/mover/leaver controls, periodic access reviews)
- Architeture reviews and security guidance for new systems, business applications, and infrastructure changes
Governance & Compliance
- Maintain compliance certifications (ISO 27001)
- Coordinate external audits and penetration tests
- Develop and maintain global security policies, standards, and operational playbooks
- Risk assessment and remediation tracking
- Ensure adherence to security policies across all locations
- Deliver security awareness training
Client & Stakeholder Engagement
- Complete security questionnaires and vendor assessments
- Support sales on security-related RFPs
- Communicate global security updates, policy changes, and required actions clearly across all locations
What do we expect
- 5+ years in information security with hands-on technical experience
- Proven experience monitoring alerts, triaging incidents, and running incident response workflows end-to-end
- Strong cloud security experience (AWS, Azure, or GCP)
- Track record of managing or significantly contributing to ISO 27001 or SOC 2 programs
- Experience with vulnerability management and security monitoring tools
- Ability to work independently and drive initiatives without close oversight
- Strong communication skills, able to communicate with IT, Engineering, and business teams and Customers for RFPs
- Open to travel to all company locations at least once per year (Switzerland, Singapore, Spain, USA, and China)
- Relevant certifications (CISSP, CISM, cloud security specialties)
- Experience running security across multiple offices and regions, in SaaS or technology environments
- Familiarity with DevSecOps practices and infrastructure-as-code
