Cyber Security Manager

Role Overview:

Savills operates a hybrid IT delivery model, with governance, security, and infrastructure managed at the APAC regional level, and local IT operations and business support delivered from Singapore.

We are seeking a skilled and proactive IT Cybersecurity Manager to join our growing SG Technology team. The IT Cyber Security Manager is responsible for safeguarding Savills Singapore’s information assets while enabling the business to operate securely, confidently, and competitively. Beyond core cyber security governance and operations, this role acts as a trusted business partner, working closely with internal stakeholders and clients to support client cyber security due diligence, assurance requests, and regulatory expectations.

The role will lead cyber risk management, security awareness, and certification initiatives, ensuring Savills Singapore meets recognized security standards while strengthening client trust.

Key responsibilities:

Cyber Security Strategy & Governance

• Define, implement, and continuously improve Savills Singapore’s cyber security strategy, aligned with global Savills standards and local regulatory requirements.
• Establish and maintain cyber security policies, standards, risk registers, and governance frameworks.
• Identify, assess, and mitigate cyber risks across IT systems, business applications, and third-party vendors.
• Act as the local cyber security authority, advising leadership on risk, impact, and mitigation options in clear business terms.

Business Partnering & Stakeholder Management

• Serve as a trusted advisor to business leaders, property management teams, valuation teams, and client-facing functions on cyber security matters.
• Translate technical security risks into business-relevant language, focusing on operational impact, client confidence, and reputational risk.
• Partner with Legal, Compliance, Risk, HR, and Operations teams to embed security into business processes and initiatives.
• Support account teams and business units in responding to client cyber security questionnaires, audits, and due diligence requests, including RFPs and contract requirements.

Client Cyber Security Due Diligence & Assurance

• Lead the preparation and management of responses to client cyber security due diligence, assurance letters, and security questionnaires.
• Maintain standardized security response packs, evidence repositories, and approved statements to ensure timely and consistent client responses.
• Engage directly with clients or client auditors when required to explain Savills Singapore’s security posture and controls.
• Proactively identify gaps that may impact client confidence and drive remediation initiatives.

Cyber Certifications & Compliance

• Lead and maintain cyber security certifications and frameworks.
• Coordinate audits, evidence collection, remediation plans, and ongoing compliance monitoring.
• Act as the key point of contact for auditors and regulators relating to cyber security matters.

Security Operations & Incident Management

• Oversee day-to-day cyber security operations, including vulnerability management, security monitoring, and incident response coordination.
• Lead or support cyber security investigations, ensuring clear communication to management and impacted stakeholders.
• Work closely with infrastructure, application, and regional IT teams to ensure secure system design and operations.

Security Awareness & Training

• Design and deliver cyber security awareness and training program for staff across all business lines.
• Tailor training for different audiences, including senior management, client-facing staff, and operational teams.
• Promote a strong security-first culture while maintaining a pragmatic, business-enabling approach.

Requirements

• Education: Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Experience: Minimum 5+ years of experience in IT security, with at least 1+ years in a security operations or incident response role. Knowledge of IT security concepts, ISO 27001, ITIL and risk management.

Key Competencies

• Curious and willing to learn complex business applications.
• Patient, service-oriented mindset and strong problem-solving skills.
• Well-organized and able to manage multiple support requests concurrently.
• Able to work independently while collaborating effectively within a team