AVP Technology Information Security Officer

Singlife is a leading homegrown financial services company, offering consumers a better way to financial freedom. Through innovative, technology-enabled solutions and a wide range of products and services, Singlife provides consumers control over their financial wellbeing at every stage of their lives.

In addition to a comprehensive suite of insurance plans, employee benefits, partnerships with financial adviser channels and bancassurance, Singlife offers investment and advisory solutions through its GROW with Singlife platform. It also offers the Singlife Account, a mobile-first insurance savings plan.

Singlife is the exclusive insurance provider for the Ministry of Defence, Ministry of Home Affairs and Public Officers Group Insurance Scheme. Singlife is also an official signatory of the United Nations Principles for Sustainable Insurance and the United Nations-supported Principles for Responsible Investment.

The merger of Aviva Singapore and Singlife was announced in September 2020 and created one of the largest homegrown financial services companies in Singapore in a deal valued at S$3.2 billion. It was the largest insurance deal in Singapore at the time. Singlife was subsequently acquired by Sumitomo Life in March 2024, one of Japan’s leading life insurers, which valued Singlife at S$4.6 billion, making the transaction one of the largest insurance deals in Southeast Asia.

• Oversights in Technical Assessments and Recommendations: Conduct meticulous and comprehensive technical assessments of security controls, leaving no stone unturned in identifying critical gaps and providing strategic recommendations.
• Perform technical information security risk assessments on business applications throughout the development lifecycle, including SDLC, Agile, and Iterative methodologies.
• Identify and report significant information security issues and gaps, providing technical-level recommendations for risk mitigation.

• Act as the Subject Matter Expert in Application Development Lifecycle: Provides expert advice in assessing security requirements and controls throughout the application development lifecycle.
• Ensure strategic planning and implementation of security controls to enhance development lifecycle security.

• Driving Strategic Improvements in Information Security: Drive improvement initiatives to enhance information security processes, standards, and policies.
• Advocate for the promotion of information security best practices, ensuring alignment with relevant regulations and frameworks.

• Strategic Stakeholder Engagement and Collaboration: Collaborate with domain architects, project managers, and IT subject matter experts to foster a collective security culture.
• Raise awareness of the organization’s information security policies, standards, and best practices among stakeholders.
• Interface with Risk, Internal Audit, External Audit, and regulatory bodies during audits to provide support and facilitate smooth audit processes.
• Ensure stakeholders understand their strategic roles and responsibilities concerning information security, fostering a culture of accountability.

• Minimum of 7+ years of progressive experience in Information Security, Audit, or Risk Management roles, with significant exposure in financial services or similarly regulated industries.
• Good command of Information Security control areas including Authentication/Authorization, Access Controls, Entitlement, Cryptography, Encryption, Network, Application/System Security, and Key Management. In-depth knowledge of Vulnerability Management frameworks (OWASP, SANS) is essential.
• Proficiency in SDLC, Agile/Iterative, DevOps/DevSecOps methodologies, and their integration with comprehensive security assessments.
• Demonstrated understanding and application of the Singapore regulatory framework, local laws concerning information security, technology risk, and data protection (e.g., MAS TRM, PDPC PDPA).
• Strong familiarity with global standards such as ISO-27001, NIST CSF, MITRE ATT&CK, and their practical application.
• Expertise in API Security and Cloud Security architectures, particularly in AWS or Azure environments.
• Exceptional written and verbal communication skills, with a proven ability to influence and negotiate effectively. Keen attention to detail with strong problem-solving and analytical abilities.
• Demonstrated capability to lead and mentor teams, with a track record of driving strategic initiatives independently.

• University degree in Information Security, Computer Science, Engineering, or a related field. Advanced degrees and relevant certifications are preferred.

• Relevant Information Security Industry qualifications / certifications such as CISSP, CISM, CISA, relevant SANS certifications, Cloud certifications (AWS/Azure), or equivalent industry-recognized qualifications are mandatory.

Updated Date 13-01-2026

Job ID J_1542

Department Technology & Operations

Location Singapore, Singapore

Employee Type Permanent - Full Time