Head of Information Security

Location: Asia-Pacific - Singapore
BU/Function: Software BU
Seniority: Business Leadership
Job Code: 1671

Job Responsibilities

  • Provide leadership within the information security sphere through development of appropriate cyber security strategies and action plans
  • Obtain executive support, formulate information security goals, and establish policies, standards and procedures in line with the organization’s objectives
  • Provide security governance, enforcing cyber security risk assessment and risk acceptance from stakeholders
  • Ensure cyber security compliance with the organization’s policies and standards
  • Review, endorse and develop risk management and mitigation plans
  • Advise the appropriate cyber security solutions and technologies to be deployed
  • Develop security awareness programmes and defined processes for Threat and Incident Management
  • Plan, design and conduct security incident response workshops and exercises (table-top exercises, simulation and drills)
  • Advise and ensure secure ICT development life cycle, security controls implementation and asset management
  • Serve as a focal point of contact for information security matters within the organization and with customers
  • Identify security risks early on and ensure they are addressed before they become actual problems
  • Set up, monitor, correlate and investigate security alerts to detect and resolve incidents
  • Work closely with the rest of the Engineering team to assess security aspects of the platform and systems prior to production
  • Keep up to date with trends and innovation in security and best practices
  • Define relevant KPIs and metrics to assess and track the security events on the platform and provide reporting

Pre-Requisites

  • Degree in Computer Science, Information Systems, Engineering or equivalent
  • Strong interpersonal and stakeholder management skills
  • Ability to work with cross-functional, multi-disciplined teams to formulate, institute and monitor security policies and procedures
  • 5+ years of experience in a similar role
  • 5+ years of experience supporting and securing large scale and critical systems and APIs in production
  • Preferably ‘Certified Information Systems Security Professional’ (CISSP), or ‘Certified Information Systems Auditor’ (CISA) or ‘Certified Information Security Manager’ (CISM) certifications
  • Deep understanding and experience with Firewalls, IDS, IPS, SIEM, cloud and on-premise security layers
  • Strong knowledge of risk assessment tools, technologies and methods
  • Experience with and strong understanding of PCI-DSS, ISO27001, GDPR, CCPA, etc. frameworks and standards
  • Experience designing and auditing secure networks, systems and application architectures
  • Experience planning, researching and developing security policies, standards and procedures
  • Hands-on understanding and experience of Linux administration, command line interface, shell scripting
  • Strong understanding of Internet protocols such as DNS, HTTP, SSL, SMTP, TCP, and UDP
  • Experience supporting the following technology stack and services (Amazon AWS, Terraform, Ansible, Docker, HAProxy, Nginx, ELB/ALB, ELK, Prometheus, Grafana, ECS/EKS/Kubernetes, Fluentd, Elasticsearch) is a plus
  • Programming experience in one or several of the following languages (Golang, JavaScript, Perl, Python) is a distinct advantage
  • A strong multi-tasker with a keen eye for detail, ability to think one step ahead
  • Strong analytical, problem-solving skills and willingness to investigate complex problems
  • Strong strategic thinking skills to handle both the big picture and crucial decisions
  • Ability to thrive on a high level of autonomy and responsibility
  • Ability to work very well cross-functionally, to think rigorously and make hard decisions and tradeoffs when required
  • Sustain learning and knowledge sharing culture in the organization and aim at achieving a high level of technical excellence and stability
  • Excellent written and verbal communication skills in English