Cybersecurity Manager

ITCAN

  • Singapore
  • Permanent
  • Full-time
  • 13 days ago
The IT Security Manager is responsible for leading, developing, and managing the IT Security team to protect the confidentiality, integrity, and availability of the organization’s and clients’ IT infrastructure. This role oversees the implementation of cybersecurity strategies, ensures compliance with regulatory standards, and provides expert guidance on security practices. The manager will supervise IT Security Officers, ensure the successful execution of security programs, and act as the key liaison between the security team, IT, business units, and external clients.Key ResponsibilitiesTeam Leadership & Strategy
  • Lead and mentor a team of IT Security Officers, setting performance objectives and monitoring progress.
  • Define and implement security policies, procedures, and standards aligned with industry best practices (e.g., NIST, ISO 27001).
  • Oversee day-to-day security operations, delegating tasks to ensure efficient execution of responsibilities.
  • Foster a culture of continuous improvement and learning within the team.
Security Program Oversight
  • Drive the design and implementation of cybersecurity programs including risk management, identity and access management (IAM), incident response, and vulnerability management.
  • Ensure security controls are effectively deployed and monitored.
  • Lead periodic security reviews and coordinate third-party audits and assessments.
Vulnerability & Threat Management
  • Oversee the identification, assessment, and remediation of security vulnerabilities across IT systems and applications.
  • Coordinate regular penetration tests, threat modeling exercises, and patch management activities.
  • Review vulnerability and risk reports provided by IT Security Officers and escalate critical risks accordingly.
Incident Response & Investigations
  • Lead the organization’s response to security incidents, ensuring timely investigation, containment, and resolution.
  • Conduct root cause analysis and ensure lessons learned are implemented to prevent future incidents.
  • Maintain and test the incident response plan regularly.
Governance, Risk & Compliance
  • Ensure compliance with legal and regulatory requirements (e.g., GDPR, PDPA, MAS TRM).
  • Lead risk assessments and maintain the security risk register.
  • Provide oversight for audit readiness and compliance reporting.
Client & Stakeholder Engagement
  • Act as the primary point of contact for clients regarding security matters.
  • Support client audits, provide advisory on emerging threats, and represent the security team in cross-functional discussions.
  • Deliver executive-level reporting on the security posture and incident trends.
Training & Awareness
  • Oversee the planning and delivery of security awareness programs for employees and clients.
  • Promote adoption of secure practices across the organization and reinforce a security-conscious culture.
Key RequirementsEducation:Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field.Master’s degree is an advantage.Certifications:Relevant industry certifications such as CISSP, CISM, CISA, CEH, or equivalent.Experience:Minimum 7 years in IT security or cybersecurity roles, with at least 2–3 years in a leadership capacity.Strong understanding of enterprise security technologies including firewalls, SIEM, IAM, DLP, and vulnerability scanners.Demonstrated experience with managing security operations and audit/compliance processes.Skills:Strategic thinking with hands-on technical capabilities.Excellent communication and interpersonal skills.Strong leadership and team management abilities.Analytical mindset with attention to detail and problem-solving capabilities.Personal Attributes
  • Proactive and results-oriented.
  • Integrity and discretion in handling sensitive information.
  • Able to work under pressure, particularly during security incidents.
  • Passion for cybersecurity and continuous learning.
Working Conditions
  • May require on-call availability during security incidents or critical upgrades.
  • Occasional travel to client sites may be needed.
  • Must be comfortable working in both internal and client-facing environments.

ITCAN