We are seeking an experienced Head of Information Security to lead and mature a Financial Services firm's global security posture.
This role is accountable for end-to-end information security across governance, risk & compliance (GRC), security operations, engineering, and security architecture, with a strong emphasis on cloud security design and architecture in a predominantly Azure-based environment.
Operating within a lean structure, the successful candidate must be both strategic and hands-on, capable of translating cyber risk into executive language while maintaining deep technical oversight across identity, cloud, endpoint, and network security domains.
Responsibilities:
Security Strategy & Governance (GRC)
- Define and execute a multi-year information security roadmap aligned with business growth and regulatory expectations
- Establish and maintain governance frameworks aligned to MAS TRM, NIST CSF, ISO 27001 and other applicable regulatory standards
- Own the cyber risk register, risk quantification, and reporting to senior management / board
- Oversee policy development, standards, and control frameworks
- Lead regulatory engagement, audits, and third-party assessments
- Oversee third-party cyber risk management
Security Architecture
- Own and define the firm's security architecture strategy, ensuring defence-in-depth across cloud and on-prem environments
- Design and govern secure Azure cloud architecture, including:
  - Secure landing zones
  - Identity and access architecture (Entra ID, PIM, Conditional Access)
  - Network segmentation and ingress/egress controls
  - Secrets management and privileged access
  - Cloud workload protection and posture management
- Architect Zero Trust principles across identity, endpoint, network, and applications
- Embed security-by-design into infrastructure and development lifecycles
- Evaluate and rationalise security tooling to optimise effectiveness and cost
Security Operations & Engineering
- Oversee day-to-day security operations, ensuring effective detection and response capabilities
- Manage outsourced SOC/SIEM providers and internal security engineers
- Define incident response playbooks and lead major incident management
- Oversee vulnerability management and threat intelligence processes
- Ensure effectiveness of endpoint protection, EDR/XDR, DLP, IAM/PAM, and monitoring controls
- Drive automation and engineering improvements across the security stack
Programme & Transformation Delivery
- Lead medium-to-large scale security transformation initiatives (e.g., SIEM migration, PAM rollout, cloud segmentation, DLP deployment)
- Manage security budgets, vendor contracts, and service providers
- Develop and scale a high-performing security team
Requirements:
- 12+ years of progressive experience in cybersecurity / information security
- Recent years in leadership roles within financial services
- Demonstrated experience operating in lean, fast-paced environments
- Strong hands-on expertise in cloud security architecture
- Strong working knowledge of MAS TRM and financial regulatory expectations
To apply:
If you're interested in applying or would like to find out more, please send your CV to, or reach out to, Chen Yi at [Confidential Information] for a discussion. Due to the anticipated high volume of applications, we regret that only shortlisted candidates will be notified.
Reg: R1876389
Lic: 16S8060