AVP/Vice President, Cybersecurity (Insider, Risk & Security) (1351413857A0) - Temasek International Pte Ltd

Temasek is a global investment company headquartered in Singapore, with a net portfolio value of S$434 billion (US$324 billion, €299 billion, £250 billion, and RMB2.35 trillion) as at 31 March 2025. Marking our unlisted assets to market would provide S$35 billion of value uplift and bring our mark to market net portfolio value to S$469 billion.

Our Purpose So Every Generation Prospers guides us to make a difference for today's and future generations.

Operating on commercial principles, we seek to deliver sustainable returns over the long term.

We have 13 offices in 9 countries around the world: Beijing, Hanoi, Mumbai, Shanghai, Shenzhen, and Singapore in Asia; and Brussels, London, Mexico City, New York, Paris, San Francisco, and Washington, DC outside Asia.

For Sustainability Report 2025, please visit https://www.temasek.com.sg/content/dam/temasek-corporate/sustainability/2025/Temasek-Sustainability-Report-2025.pdf .

Introduction

Adversaries are increasingly exploiting insider access (malicious, negligent or compromised) for espionage, data theft and pre-positioning. At the same time, rapid generative AI adoption introduces new channels for data leakage and misuse, requiring enhanced end-user responsibility, oversight and controls.

This role reports directly to the CISO and is tasked to carry out the insider risk and security function within the Cybersecurity department. This role is focused on preventing, detecting and responding to insider threats across Temasek and its ecosystem, including staff, vendors and partners.

In particular, this role will support the establishment of control mechanisms and programme to enable the monitoring of insider activities as well as prevention and detection of insider threats. It will also look into the established of a structured process and mechanisms to enable the effective operationalisation of the insider risk and security functions including joint reviews and investigation with key Business units into potentially / malicious insider activities.

Responsibilities

They will have experience designing, establishing and running insider risk or similar security programmes in large, complex organisations, and be comfortable operating at both strategic and technical operational levels.

• Define and lead Temasek's insider risk strategy, aligning with the organisation's risk appetite, regulatory expectations and cybersecurity strategy.
• Design and implement the insider risk operating model, including roles and responsibilities, processes, technology stack and engagement model with Cybersecurity, Risk, HR, Legal, Compliance and Audit.
• Establish and maintain an insider risk framework and programme covering policy, use-case development, monitoring, detection, response and remediation.
• Develop a multi-year plan for development of insider risk capabilities with clear priorities, milestones and outcome-based metrics.
• Lead the eventual build-out and scaling of the insider risk function, and develop specialist capabilities.

• Establish threat profiling and behavioural monitoring for staff, vendors and partners to provide greater visibility on insider threats and enable timely actions.
• Define and maintain insider threat personas, use cases and scenarios (e.g. data theft, fraud, espionage, sabotage, negligent data leakage, GenAI misuse), informed by threat intelligence and business context.
• Work with technical teams to design and operate monitoring and analytics capabilities (e.g. UEBA, DLP, cloud security, endpoint and identity telemetry, privileged access monitoring), and continuously refine detection logic to improve coverage and reduce false positives.
• Oversee the end-to-end lifecycle of insider risk cases, from alert through triage, investigation, response and closure, coordinating across Cybersecurity, HR, Legal, Compliance and business units.
• Ensure timely and proportionate responses to insider incidents, promoting a risk-based approach that distinguishes between malicious, negligent and compromised insiders, and driving root-cause analysis to improve controls and processes.
• Assess and mitigate insider risks associated with Generative AI and other emerging technologies, including data leakage, model misuse and unapproved tool usage.
• Review and establish the operating mandate, procedures and guidelines to ensure the continuous effectiveness of the insider risk and security function.

• Develop, review and maintain insider risk policies, standards and guidelines (e.g. acceptable use, monitoring, data handling, GenAI usage) in collaboration with Legal, HR, Compliance and Risk.
• Establish clear escalation paths, decision rights and documentation standards for insider related cases, and ensure activities comply with applicable laws, regulations and internal policies, particularly around privacy, data protection and employment practices.
• Lead or support internal assurance activities on insider risk as directed by the Audit Committee and senior management, including targeted reviews, thematic risk assessments and deep dive investigations into control effectiveness, and produce regular reporting on posture, trends and remediation progress.
• Build strong relationships with senior stakeholders and design targeted awareness, education and training on insider risk and safe use of collaboration and generative AI tools, tailored to different roles and risk profiles.
• Foster a culture of trust, accountability and security conscious behaviour, balancing deterrence and transparency, and represent Temasek in relevant external forums and peer networks to leverage industry best practice and continually improve the programme.

• Bachelor's degree in Computer Science, Information Systems, Cybersecurity, Risk Management, Law, Psychology, Business or equivalent.
• Relevant professional certifications (e.g. CISSP, CISM, CISA, CPP, CRISC, or equivalent risk / fraud credentials) are an added advantage.
• 8-12+ years' experience in cybersecurity, insider risk, fraud, security operations, IT risk management or related fields, including experience designing or running complex security or risk programmes in large organisations.
• Demonstrable experience in insider risk management, user behaviour monitoring, fraud analytics, security investigations or similar disciplines.
• Strong understanding of technologies commonly used in insider risk programmes (e.g. SIEM, UEBA, DLP, EDR/XDR, CASB, identity and access management, privileged access monitoring) and how to integrate them into effective monitoring and response capabilities.
• Familiarity with legal, privacy, employment and ethical considerations relating to employee monitoring, data protection and cross-border data flows; experience working closely with Legal, HR and Compliance is preferred.
• Experience leading or overseeing complex investigations, including coordination with HR, Legal, Compliance and, where relevant, external parties.
• Proven ability to build new capabilities and teams, including defining operating models, processes and performance metrics.
• Strong analytical and problem-solving skills, with experience using data and metrics to drive decisions, measure impact and identify improvements.
• Excellent communication, influencing and stakeholder-management skills, with experience presenting to senior management, governance bodies and, ideally, Audit Committees or Boards.
• Ability to balance security, privacy, cultural and operational considerations in a pragmatic, risk-based manner.
• High level of integrity, discretion and professional judgement, with the ability to handle sensitive and confidential information appropriately.