Role Overview

We are looking for an experienced cybersecurity professional to lead cyber risk management, security assurance, and security operations across the organization. This role is accountable for strengthening cyber resilience through effective risk oversight, robust security platforms, proactive threat management, and disciplined incident handling. The position works closely with business and technology stakeholders and oversees outsourced security operations partners to ensure service quality, compliance, and continuous improvement.

Key Responsibilities

Cyber Risk Management & Security Assurance

• Establish and maintain enterprise security policies, standards, and operating procedures.
• Support cyber risk lifecycle activities including risk identification, evaluation, mitigation planning, acceptance, and reporting.
• Develop cyber risk indicators, dashboards, and reports for senior management and board level oversight.
• Provide guidance to business and IT teams on security control effectiveness, risk exposure, and exception handling.
• Ensure alignment with recognized security frameworks and regulatory expectations.

Security Platforms & Technology Enablement

• Oversee the operational effectiveness, availability, and performance of security technologies.
• Assess emerging security solutions and drive adoption to strengthen prevention, detection, and response capabilities.
• Partner with infrastructure and application teams to integrate security requirements into system delivery.
• Ensure consistent configuration and integration of security tools across the enterprise environment.

Security Operations & Monitoring

• Lead ongoing security operations including monitoring, alert handling, and threat investigation.
• Review and analyze security events to identify potential threats, weaknesses, or breaches.
• Enhance detection capability through continuous tuning of alerts, rules, dashboards, and workflows.
• Improve operational efficiency and response effectiveness through data driven improvements.

Incident Response & Recovery

• Coordinate and lead cybersecurity incident response activities from investigation through containment and recovery.
• Conduct post incident reviews to identify root causes and implement corrective and preventative actions.
• Maintain and enhance incident response procedures, escalation paths, and playbooks.
• Provide timely and clear communications to internal and external stakeholders during security incidents.

Threat Intelligence & Proactive Defense

• Monitor evolving cyber threats, attack methods, and security trends relevant to the organization.
• Leverage threat intelligence and industry frameworks to improve detection and response strategies.
• Translate threat insights into actionable security improvements and risk mitigation measures.

Third Party Security Operations Management

• Define roles, responsibilities, performance measures, and service expectations for outsourced security providers.
• Establish governance processes including performance reviews, audits, and compliance assessments.
• Maintain regular engagement with service partners to ensure alignment, responsiveness, and service quality.
• Drive continuous service improvement through structured feedback and risk based prioritization.

Leadership & Stakeholder Engagement

• Lead, coach, and develop cybersecurity analysts and engineers within a collaborative operating model.
• Set priorities, allocate workload, and track performance against operational objectives.
• Support recruitment, onboarding, and capability development initiatives.
• Act as a trusted cybersecurity partner to business leaders, IT teams, and external vendors.
• Communicate security risks and recommendations clearly to both technical and non-technical audiences.

Requirements

• Bachelor’s or Master’s degree in Information Security, Computer Science, Information Technology, or a related field.
• Professional certifications such as CISSP, CISM, CISA, CRISC, or GIAC are preferred.
• 5 to 8 years of experience in cybersecurity operations, security risk management, or security assurance roles.
• Strong understanding of security standards and frameworks including ISO27001 and NIST.
• Knowledge of IT governance practices, project delivery, and operational methodologies.
• Familiarity with cybersecurity regulations such as the Singapore Cybersecurity Act 2018, CCoP 2.0, and PDPA.
• Working knowledge of MITRE ATT&CK and D3FEND frameworks.
• Experience within regulated industries such as financial services or critical infrastructure is an advantage.
• Hands on experience with enterprise security technologies including firewalls, IDS IPS, EDR, IAM, PAM, WAF, SIEM, VMS, and PKI.
• Ability to operate, assess, and optimize security tools within complex IT environments.

Please send your detailed resume in MS Word format to [email protected] with

• Education Level
• Working experiences
• Each employment background
• Reason for leaving each employment
• Last drawn salary
• Expected salary
• Date of availability