Geylang - Information Security Manager

Our client is seeking an experienced Information Security Manager to lead and strengthen their cybersecurity operations across the region. This is a critical role where you will be responsible for managing the overall security operations framework — covering threat detection, incident response, vulnerability management, and compliance while working closely with IT, engineering, and risk stakeholders.

1. Security Operations & Incident Management

• Lead the Security Operations Center (SOC) to monitor, detect, and respond to cybersecurity threats and incidents.
• Manage security solutions such as SIEM, EDR, and IDS/IPS to enhance visibility and response capabilities.
• Oversee and coordinate incident response activities including investigation, containment, recovery, and post-incident review.

1. Vulnerability & Threat Management

• Conduct and manage regular vulnerability assessments and penetration testing.
• Collaborate with internal teams to ensure timely remediation of security gaps.
• Track and assess evolving threats and proactively implement preventive measures.

1. Security Compliance & Risk Governance

• Ensure compliance with relevant standards and frameworks such as PCI DSS, MAS TRM, and GDPR.
• Support internal/external audits and regulatory reviews.
• Maintain and update cybersecurity policies, standards, and documentation.

1. Training & Cross-Functional Collaboration

• Drive security awareness training across the organization.
• Partner with DevOps/engineering teams to embed security practices into CI/CD pipelines.
• Liaise with vendors, regulators, and external partners on security-related matters.

• Bachelor's degree in Cybersecurity, Computer Science, or a related discipline.
• At least 5 years of experience in cybersecurity, with 2+ years in a leadership or SOC management role.
• Hands-on experience with modern security tools including SIEM (Splunk, Sentinel), EDR, firewalls, and cloud security platforms (AWS, Azure, GCP).
• Solid knowledge of incident handling, threat intelligence, malware analysis, and digital forensics.
• Familiarity with financial sector regulations such as PCI DSS and MAS TRM is highly preferred.
• Strong leadership, stakeholder engagement, and communication skills.