Kerry Consulting
Head of Information Security
Kerry Consulting | Singapore | 1 day ago
Full-time | Remote Friendly | Information Technology

We are seeking an experienced and strategic Head of Information Security to lead the development, implementation, and continuous improvement of our enterprise-wide cybersecurity program. This role is responsible for protecting the confidentiality, integrity, and availability of our information assets, systems, and infrastructure across on-premises, cloud, and hybrid environments.


You will work closely with senior leadership and key business stakeholders to align cybersecurity initiatives with business objectives, regulatory requirements, and emerging threats.


Key Responsibilities

Cybersecurity Strategy & Governance

  • Develop and execute the organization's cybersecurity strategy, aligned with business goals and risk appetite.
  • Establish governance frameworks, security policies, standards, and procedures based on best practices (e.g., NIST, ISO 27001, CIS).
  • Lead enterprise-wide cyber risk assessments and maturity evaluations to identify gaps and define mitigation roadmaps.

Security Operations & Incident Management

  • Oversee day-to-day security operations, including monitoring, detection, threat intelligence, and incident response.
  • Lead the response and recovery for security incidents, breaches, and forensic investigations.
  • Ensure timely reporting and communication of significant threats or incidents to executive leadership and regulators (as required).

Compliance, Audit & Regulatory Engagement

  • Ensure compliance with applicable regulatory and industry standards (e.g., PDPA, GDPR, PCI-DSS, ISO 27001).
  • Serve as the point of contact for internal and external audits, regulators, and third-party assessments.
  • Maintain a robust security awareness and training program across the organization.

Vendor & MSSP Management

  • Manage and evaluate cybersecurity vendors, tools, and services to ensure alignment with security strategy and performance expectations.
  • Oversee relationships with Managed Security Service Providers (MSSPs), ensuring service levels are met and threat intelligence, monitoring, and response services are effective.
  • Conduct regular reviews of third-party performance, risk assessments, and contract compliance.
  • Ensure third-party solutions and partners meet internal security and compliance standards.

Leadership & Team Management

  • Build, lead, and mentor a high-performing cybersecurity team.
  • Drive a security-first culture through stakeholder engagement, education, and proactive partnership.
  • Define and manage the cybersecurity budget, resource planning, and capability development.


Requirements

  • Bachelor's degree in Computer Science, Information Security, or related field (Master's preferred).
  • 12-15+ years of experience in cybersecurity, with at least 3 years in a senior leadership or head-of-function role.
  • Experience in regulated industries (e.g., financial services, healthcare, government) is strongly preferred.
  • Strong knowledge of enterprise security operations, identity & access management, data protection, SIEM/SOAR, and vulnerability management.
  • Working knowledge of key frameworks and standards: NIST CSF, ISO 27001, MITRE ATT&CK, CIS Controls.


To apply:

If you're interested in applying or finding out more, please share your CV or reach out to Chen Yi at [email protected] for a discussion. Due to the anticipated high volume of applications, we regret that only shortlisted candidates will be notified.

Reg: R1876389

Lic: 16S8060
