Kerry Consulting
Information Security Manager
Kerry Consulting | Singapore | 15 hours ago
Full-time | Information Technology

We are seeking an experienced IT Security Governance Senior Manager to lead and execute key governance, risk, and compliance activities within the organisation's cybersecurity function. In this role, you will oversee enterprise-wide governance processes including data loss prevention (DLP), security audits, regulatory and policy compliance, security architecture reviews, DevSecOps release governance, and ongoing security risk management.


You will partner closely with technology teams, business stakeholders, and external auditors to ensure that security risks are identified, assessed, communicated, and effectively mitigated through appropriate controls. You will also drive proactive security initiatives such as phishing simulation campaigns, risk metric reporting, and continuous control improvements.


Responsibilities:

Security Governance & Compliance

  • Lead and manage the organisation's security governance framework and ensure alignment with internal policies, industry standards, and regulatory requirements (e.g., MAS TRM, ISO 27001, PDPA).
  • Oversee and coordinate security-related audits (internal, external, regulatory) and drive remediation and continuous compliance.
  • Ensure all security processes, policies, and procedures remain current and effective across the organisation.

Data Loss Prevention (DLP) Oversight

  • Manage DLP controls across endpoints, email, cloud, and network channels.
  • Monitor DLP alerts, conduct investigations, and work with stakeholders on incident resolution and process enhancements.
  • Review and refine DLP rules, policies, and reporting to strengthen data protection posture.

Security Architecture & DevSecOps Governance

  • Review and assess solution architectures and project designs for alignment with security requirements and best practices.
  • Govern DevSecOps release workflows by embedding automated security checks and ensuring compliance with secure SDLC.
  • Partner with engineering and architecture teams to enforce secure-by-design principles.

Security Risk Management

  • Identify, assess, and track remediation of security risks across business units and IT domains.
  • Maintain the security risk register and produce timely reports for leadership and risk committees.
  • Recommend appropriate technical and process controls to address identified risks.

Security Monitoring & Awareness Initiatives

  • Lead phishing simulation campaigns and user awareness initiatives to strengthen security culture.
  • Track and report risk metrics, KPIs/KRIs, audit findings, and compliance status to management and governance forums.
  • Provide advisory support to business and IT stakeholders on day-to-day security control practices.

Stakeholder Management & Collaboration

  • Serve as a key liaison between IT Security, Technology, Risk, Audit, and Business teams.
  • Provide subject-matter expertise and guidance in security governance matters.
  • Present findings, risks, and recommendations to senior management.


Requirements:

  • Bachelor's Degree in Information Security, Computer Science, or related field.
  • 8-12+ years of experience in cybersecurity, with at least 3 years in security governance, risk, or compliance roles.
  • Strong understanding of security frameworks and regulations (e.g., MAS TRM, ISO 27001, NIST, CIS).
  • Experience in DLP, audit coordination, risk management, secure SDLC, and security architecture review.
  • Prior experience in a regulated industry (financial services, telecommunications, healthcare) is highly advantageous.
  • Knowledge of security governance processes, DevSecOps, vulnerability management, and security tooling.
  • Familiarity with phishing simulations, security awareness, and compliance reporting.
  • Strong analytical skills with the ability to articulate risk and justify recommendations.


To apply:

If you're interested in applying or finding out more, please send your CV or reach out to Chen Yi at [email protected] for a discussion. Due to the anticipated high volume of applications, we regret that only shortlisted candidates will be notified.

Reg: R1876389

Lic: 16S8060
