Director, Information & Cyber Security Engineer, Group Asset Management - Business Technology

Job Responsibilities:

We are looking for an Information and Cyber Security Engineer. You will be part of the founding key team member, reporting to the Head of Information and Cyber Security and working closely with team leads in the transformation of the business. If you are passionate about technology and digital transformation for business and want to be in a team where your views matter, learning and collaboration is part of the culture, please reach out and we would love to talk to you!

1. Design, implement, and manage security solutions across on-premise and cloud environments (AWS, GCP, Azure) using cloud-native security tools and services.
2. Configure and maintain secure cloud architectures, identity and access management (IAM), security monitoring, and incident response automation.
3. Perform continuous security monitoring, log analysis, and threat detection using SIEM tools, endpoint security, and cloud security monitoring solutions.
4. Conduct security assessments, vulnerability scanning, penetration testing, and remediation activities to mitigate security risks.
5. Perform risk assessments for applications, infrastructure, and third-party services, ensuring compliance with frameworks such as CIS, NIST, PCI DSS, and SOC 2.
6. Investigate security incidents, analyze attack patterns, and lead response efforts to mitigate threats in real time.
7. Support compliance initiatives by ensuring security controls meet regulatory and internal requirements, including MAS guidelines.
8. Develop automation scripts and tools for security monitoring, threat intelligence integration, and policy enforcement.
9. Assist in delivering security training programs and promoting a security-first mindset across the organization.
10. Continuously research and implement security best practices, emerging threats, and new cybersecurity technologies.

Job Requirements:

1. Excellent relationship-building, stakeholder management, communication, and influencing skills.
2. Experience managing senior business stakeholders.
3. Strong motivation and capability to drive initiatives and changes.
4. Proactive leadership and teamwork skills.
5. Relevant industry certifications (e.g., CISSP, CISM, CISA, CCSP).
6. Excellent analytical and problem-solving abilities.
7. Experience in team leadership, coaching, and mentoring.
8. Knowledge of industry standards such as ISO 27001, MAS TRM, NIST, CIS, PCI/DSS, and SOC 2.
9. Familiarity with security technologies such as firewalls, intrusion detection systems, and endpoint protection.
10. Experience with security operations centers (SOC) and setting up SOC models.
11. Strong program management background.
12. Product-specific certifications such as MCSE, CCNA Security.
13. Good knowledge of TCP/IP protocol.
14. Ability to handle sensitive information with confidentiality and integrity.
15. Experience in driving enterprise initiatives for E2E security posture analysis.
16. Ability to work with subsidiaries and understand regional security requirements.