Singlife is a leading homegrown financial services company, offering consumers a better way to financial freedom. Through innovative, technology-enabled solutions and a wide range of products and services, Singlife provides consumers control over their financial wellbeing at every stage of their lives. In addition to a comprehensive suite of insurance plans, employee benefits, partnerships with financial adviser channels and bancassurance, Singlife offers investment and advisory solutions through its GROW with Singlife platform. It also offers the Singlife Account, a mobile-first insurance savings plan.
Singlife is the exclusive insurance provider for the Ministry of Defence, Ministry of Home Affairs and Public Officers Group Insurance Scheme. Singlife is also an official signatory of the United Nations Principles for Sustainable Insurance and the United Nations-supported Principles for Responsible Investment, affirming its commitment to finding a better way to sustainability.
The merger of Aviva Singapore and Singlife was announced in September 2020 and created one of the largest homegrown financial services companies in Singapore in a deal valued at S$3.2 billion. It was the largest insurance deal in Singapore at the time. Singlife was subsequently acquired in March 2024 by Sumitomo Life, one of Japan's leading life insurers, in a transaction that valued Singlife at S$4.6 billion, making it one of the largest insurance deals in Southeast Asia.
Purpose of the Role
The role of the Business Information Security Officer (BISO) is to provide support and accountability for Singlife's information security (IS) activities. The BISO function closely collaborates with the Business, Technology & Operations teams, as well as the broader ISO community, to oversee risk management advice for Singlife and its subsidiaries. The role entails monitoring and ensuring adherence to Singlife's IS Policy and Standards within the organization's processes.
Key Responsibilities
Focuses on Core BISO activities:
- Conduct Information Security Business Impact Assessments (ISBIA) for Projects, Applications, and Third-Party Outsourcing arrangements, aligning with Singlife Standards. Collaborate with Technology and Business units to evaluate the impact of control deficiencies.
- Lead the implementation of IS standards at the business level, ensuring alignment of procedures and practices with established standards.
- Collaborate in creating Risk Acceptances (RAs), Risk Exceptions (REs), and Corrective Action Plans (CAPs) using appropriate tools.
- Engage with Security Incident Response Teams to guide the resolution and closure of incidents, offering proactive recommendations.
- Generate periodic IS risk management reports, highlighting critical issues and proposing corrective action plans.
- Ensure adherence to IS standards and best practices across diverse disciplines.
- Support the business during audit reviews and regulatory inspections related to IS matters.
- Maintain vigilant oversight of IS programs, encompassing programs, policies, and associated reporting within the business landscape.
- Collaborate with business units to rectify non-compliance in processes, applications, and outsourcing activities.
Act as a Business Partner
- Regularly communicate and interact with Management and Employees, enhancing understanding of IS-related programs, policies, and standards.
- Leverage the ISO network to share resources, extract best practices, and enhance operational efficiency.
- Validate compliance with security controls within business contracts.
- Evaluate the alignment of IS processes with business needs, particularly concerning software and internet usage.
- Conduct Information and Cyber Security Awareness training to fortify organizational preparedness.
- Partner with application managers or the Technology Information Security Officer (TISO) to address specific technical requirements.
- Stay relevant to evolving cybersecurity regulations (MAS, CSA, GIA, LIA) to provide subject matter expert feedback. Assess the impact of new and updated regulations promptly by partnering with the ISO, Technology & Operations community.
Other Requirements
- Demonstrate skill in delivering compelling presentations and managing complex programs.
- Display exceptional aptitude in consulting, problem-solving, and analytical capabilities.
- Exhibit a proactive, assertive, service-oriented demeanour while effectively functioning as a cohesive team player.
- Demonstrate the ability to manage concurrent tasks and prioritize effectively, even under conflicting timelines.
Requirements
Experience
- Minimum 10 years of experience in information security, in areas such as security governance, risk management, application security design, security project management or security operations.
- Professional certifications (CISSP, CISM, CISA, SANS, Cloud) would be preferred.
Education
- Bachelor's degree in IT, Engineering or equivalent
Date Posted: 25/07/2025
Job ID: 122487369