GeneralManager, Cybersecurity
Location: Singapore
ReportsTo: CTO
RoleSummary
Weare seeking an accomplished and strategic technology leader to lead theorganization's Information Technology, Cybersecurity, Technology Risk,Governance, and Digital Transformation functions. The role will be responsiblefor defining and executing enterprise technology strategy, IT operating model,multi-year technology roadmap, and enterprise service management strategy,ensuring cyber resilience, maintaining regulatory compliance, strengtheningoperational risk management, and enabling secure business growth.
Thesuccessful candidate will serve as a trusted advisor to executive leadership,regulators, auditors, and business stakeholders while overseeing technologyinfrastructure, applications, cybersecurity operations, governance frameworks,third-party risk management, data privacy, business continuity, and emergingtechnology governance including AI.
KeyResponsibilities
CybersecurityLeadership
- Define and execute enterprise cybersecurity strategy and security architecture.
- Oversee Security Operations Center (SOC), threat monitoring, incident response, vulnerability management, threat intelligence, and security governance activities.
- Lead implementation and management of:
- Identity & Access Management (IAM)
- Privileged Access Management (PAM)
- Endpoint Detection & Response (EDR)
- SIEM and Security Analytics
- Network Security and Zero Trust Architecture
- Data Loss Prevention (DLP)
- Cloud Security Controls
- Establish cyber resilience capabilities and security awareness programs across the organization.
- Drive enterprise cybersecurity culture through awareness programmes, phishing simulations and executive reporting.
- Lead cybersecurity incident response and crisis management during major security events.
TechnologyRisk, Governance & Compliance
- Establish and maintain enterprise IT Governance, Risk and Compliance (GRC) frameworks.
- Lead Risk and Control Self-Assessment (RCSA) programs, risk register management, control testing, and technology risk reporting.
- Lead Regulatory Requirement Self-Assessments (RRSA) and technology control attestation programmes.
- Ensure compliance with regulatory requirements including:
- MAS Technology Risk Management (TRM)
- MAS Cyber Hygiene Notice
- MAS Outsourcing Guidelines
- ISO 27001
- NIST Cybersecurity Framework
- COBIT
- SOC 2
- ITIL
- Data Protection Regulations
- Present technology and cybersecurity risks to executive management, board committees, and regulators.
- Develop and monitor Key Risk Indicators (KRIs) and Key Control Indicators (KCIs).
Regulatory& Audit Management
- Act as the primary interface for regulators, internal audit, external audit, and risk assurance teams.
- Lead regulatory inspections, audits, assessments, and remediation programs.
- Drive timely closure of audit observations, regulatory findings, and risk issues.
- Conduct gap assessments against new regulations and convert findings into actionable remediation programs.
Cloud,Infrastructure & Digital Transformation
- Govern hybrid and multi-cloud environments including AWS, Azure and Oracle Cloud through architecture governance, landing zone standards, cloud risk assessments and secure control baselines.
- Establish cloud governance standards, security baselines, architecture principles, and risk management frameworks.
- Lead modernization of enterprise infrastructure, workplace technologies, and digital banking platforms.
- Support digital transformation initiatives through secure technology enablement.
Third-PartyRisk & Vendor Management
- Establish and oversee Third-Party Risk Management (TPRM) frameworks.
- Conduct due diligence, risk assessments, contract reviews, and ongoing monitoring of technology vendors.
- Manage outsourcing governance and compliance requirements.
- Ensure service levels, operational resilience, and vendor performance objectives are achieved.
DataPrivacy & Information Governance
- Lead enterprise data protection and privacy programs.
- Ensure compliance with applicable privacy regulations and internal policies.
- Oversee Data Protection Impact Assessments (DPIAs), data governance, retention, and cross-border data transfer controls.
- Maintain enterprise Data Protection Management Programme (DPMP).
- Manage privacy incidents and regulatory reporting obligations.
BusinessContinuity & Operational Resilience
- Develop and maintain Business Continuity Management (BCM) and Disaster Recovery (DR) frameworks.
- Conduct regular resilience testing, tabletop exercises, and crisis simulations.
- Ensure Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) meet business requirements.
- Drive enterprise operational resilience initiatives.
AIGovernance & Emerging Technology Risk
- Establish governance frameworks for Artificial Intelligence, Machine Learning, and Generative AI adoption.
- Ensure compliance with ISO 42001, NIST AI RMF, MAS FEAT Principles, MAS Veritas Framework, and emerging AI regulations.
- Conduct AI risk assessments covering explainability, bias, privacy, security, model governance, and human oversight.
- Support responsible and ethical AI implementation across business functions.
Leadership& Stakeholder Management
- Lead and mentor cross-functional teams across cybersecurity, infrastructure, risk, governance, and operations.
- Build high-performing teams through coaching, succession planning, and capability development.
- Provide strategic technology advisory support to executive leadership and board committees.
- Translate complex technical and cyber risks into business-impact language for senior stakeholders.
RequiredQualifications
Education
- Bachelor's Degree in Engineering, Computer Science, Information Technology, or related discipline.
- MBA or equivalent postgraduate qualification preferred.
ProfessionalCertifications
Preferredcertifications include:
- CISM (Certified Information Security Manager)
- CRISC (Certified in Risk and Information Systems Control)
- ISO 27001 Lead Auditor
- ISO 42001 Lead Auditor
- CISSP (Preferred)
- ISC2 CC
- COBIT
- ITIL
- Certified Scrum Master (CSM)
Experience
- 12+ years of progressive experience in Information Technology, Cybersecurity, Technology Risk, and Governance.
- 5+ years in a senior leadership role such as Head IT, CISO, Head Technology Risk, or Technology Governance Leader.
- Strong exposure to regulatory engagement, audits, risk committees, and board-level reporting.
- Proven experience managing large technology and cybersecurity teams.
- Hands-on knowledge of cloud platforms including AWS, Azure, and Oracle Cloud.
- Experience leading digital transformation, cybersecurity modernization, and governance initiatives.
WorkSchedule
· 5.5 days
· On-Site