BIPO

Cybersecurity Operations & Compliance Specialist

6-8 Years
  • Posted 21 hours ago

Job Description

About this Role

This role works closely with the Deputy Director of Information Security in managing information security governance, compliance, and security operations across global SaaS and cloud environments. The position is a hands-on, hybrid security role covering both Governance, Risk & Compliance (GRC) and security operations (SecOps). The candidate is expected to possess sufficient technical security understanding to interpret security events and risks, evaluate security solutions, and coordinate incident response and remediation.

Key Responsibilities

  • Maintain the organization's ISO 27001 ISMS, including policies, procedures, risk register, and audit readiness.
  • Coordinate internal and external audits (e.g., ISO 27001, SOC2, OSPAR) and vendor penetration testing, including preparation and follow-up on remediation of findings.
  • Act as Singapore ISMS Management Representative, and backup for global ISMS Management Representative in the Deputy Director's absence; manage security awareness programs, phishing simulations and compliance tracking.
  • Monitor and interpret output from security tools such as Microsoft Defender for O365, EDR, SIEM, and cloud security logs; coordinate response with the IT infrastructure team and/or external parties; track vulnerability remediation to ensure timely closure.
  • Lead security incident response tabletop exercises, coordinate security incident response activities, and conduct post-incident reviews to ensure corrective actions are tracked.
  • Identify security gaps from audits, incidents, and business requirements; evaluate and recommend security solutions (e.g., SIEM, DLP, EDR); lead proof-of-concept (POC) activities and document findings; work with the IT infrastructure team for proper implementation.
  • Oversee tracking of periodic infrastructure and application vulnerability scan activities, review scan reports, and work with the RND and IT infra teams on remediation validation and retesting.
  • Respond to client security questionnaires and due diligence requests, and review security-related contract matters upon request.
  • Support client on-site security audits and the implementation of solutions to address the relevant audit findings.
  • Maintain monthly security management reporting covering audit compliance status, security awareness training completion, vulnerability remediation tracking, and key security operations metrics.

Requirements

  • Bachelor's degree in Information Security, Cyber Security, Computer Science, or a related field.
  • 6-8 years of experience in information security.
  • Experience in both GRC and security operations.
  • Experience in ISO 27001 audits; prior ISMS management representative experience.
  • Ability to interpret EDR findings, cloud security audit logs, and vulnerability scan results.
  • Understanding of identity and access management, network and endpoint security, cloud security controls, and the incident response process.
  • Basic familiarity with application security concepts (e.g., OWASP Top 10) and working experience in cloud environments (e.g., AWS) is an advantage.
  • Any of these certifications is preferred: CISSP / CISM / CCSP, ISO 27001 Lead Implementer or Lead Auditor.

Job ID: 149139909