We are seeking an experienced and strategic Head of Information Security to lead the development, implementation, and continuous improvement of our enterprise-wide cybersecurity program. This role is responsible for protecting the confidentiality, integrity, and availability of our information assets, systems, and infrastructure across on-premises, cloud, and hybrid environments.
You will work closely with senior leadership and key business stakeholders to align cybersecurity initiatives with business objectives, regulatory requirements, and emerging threats.
Key Responsibilities:
Cybersecurity Strategy & Governance
- Develop and execute the organization's cybersecurity strategy, aligned with business goals and risk appetite.
- Establish governance frameworks, security policies, standards, and procedures based on best practices (e.g., NIST, ISO 27001, CIS).
- Lead enterprise-wide cyber risk assessments and maturity evaluations to identify gaps and define mitigation roadmaps.
Security Operations & Incident Management
- Oversee day-to-day security operations, including monitoring, detection, threat intelligence, and incident response.
- Lead the response and recovery for security incidents, breaches, and forensic investigations.
- Ensure timely reporting and communication of significant threats or incidents to executive leadership and regulators (as required).
Compliance, Audit & Regulatory Engagement
- Ensure compliance with applicable regulatory and industry standards (e.g., MAS TRM, PDPA, GDPR, PCI-DSS, ISO 27001).
- Serve as the point of contact for internal and external audits, regulators, and third-party assessments.
- Maintain a robust security awareness and training program across the organization.
Vendor & MSSP Management
- Manage and evaluate cybersecurity vendors, tools, and services to ensure alignment with security strategy and performance expectations.
- Oversee relationships with Managed Security Service Providers (MSSPs), ensuring service levels are met and threat intelligence, monitoring, and response services are effective.
- Conduct regular reviews of third-party performance, risk assessments, and contract compliance.
- Ensure third-party solutions and partners meet internal security and compliance standards.
Leadership & Team Management
- Build, lead, and mentor a high-performing cybersecurity team.
- Drive a security-first culture through stakeholder engagement, education, and proactive partnership.
- Define and manage the cybersecurity budget, resource planning, and capability development.
Requirements:
- Bachelor's degree in Computer Science, Information Security, or related field (Master's preferred).
- 12-15+ years of experience in cybersecurity, with at least 3 years in a senior leadership or head-of-function role.
- Experience in regulated industries (e.g. financial services, healthcare, government) is strongly preferred.
- Strong knowledge of enterprise security operations, identity & access management, data protection, SIEM/SOAR, and vulnerability management.
- Working knowledge of key frameworks and standards: NIST CSF, ISO 27001, MITRE ATT&CK, CIS Controls.
To apply:
If you're interested in applying or finding out more, please share your CV or reach out to Chen Yi at [Confidential Information] for a discussion. Due to the anticipated high volume of applications, we regret to inform you that only shortlisted candidates will be notified.
Reg: R1876389
Lic: 16S8060