CISO / IT Security Lead (prefer insurance sector)

The IT Security Lead will be responsible for leading the development, execution, and management of the enterprise-wide information security strategy, architecture, and program at Insurance Sector. Reporting directly to the CITO, the IT Security lead will work across departments to protect the organization’s information assets, mitigate cyber risks, and ensure alignment between business and security objectives.

This executive role combines strategic planning, policy formulation, risk management, and hands-on oversight of cybersecurity operations and IT infrastructure resilience.

• Strategic Leadership & Governance
  • Define and implement the enterprise-wide Information Security Strategy in alignment with business goals and regulatory requirements.
  • Serve as the primary advisor to the CITO and executive leadership on all cybersecurity and risk matters.
  • Lead the development, approval, implementation, and adherence of information security policies, procedures, and standards.
  • Ensure business units understand and adhere to the organization's security objectives and practices.
• Risk Management & Compliance
  • Lead comprehensive Information Security Risk Assessments across internal and external domains, including third-party/vendor risks.
  • Design and oversee a formal Information Security Risk Management Plan, regularly reporting risk metrics and mitigation effectiveness.
  • Ensure continuous compliance with relevant regulatory, industry, and internal standards (e.g., MAS TRM Guidelines, ISO 27001).
  • Conduct periodic audits and reviews of cybersecurity controls and frameworks.
• Operational Excellence & Metrics
  • Manage the IT Infrastructure and Information Security Budget efficiently, ensuring Cost Variance (CV) is minimized.
  • Establish performance metrics such as:
    • Cost Efficiency of IT Security investments
    • System Uptime vs. Downtime (Availability)
    • Incident Volume, Resolution Time, Aging Reports
    • Vendor SLA Performance and operational KPIs
  • Develop business cases and ROI justifications for information security initiatives and technologies.
• Cybersecurity Initiatives & Incident Response
  • Oversee the implementation and continuous improvement of Cybersecurity Programs, ensuring proactive threat detection, response, and mitigation.
  • Monitor and report on security posture through metrics such as:
    • Number of breaches avoided
    • Time to detect and respond to incidents
    • Compliance level with cybersecurity standards
  • Lead security incident response efforts, coordinating cross-functional support and communication.
• Technology & Innovation
  • Evaluate emerging cybersecurity technologies, practices, and innovations aligned with company’s strategic IT direction.
  • Ensure security assurance for all strategic IT initiatives by identifying suitable controls and countermeasures.
  • Drive continuous improvement and maximize business value from IT Security investments through innovation and scalability.

• Education & Certification:
  • Bachelor’s or Master’s degree in Computer Science, Information Security, Information Technology, or a related field.
  • Professional certifications such as CISSP, CISM, CISA, CRISC, CCSP, or equivalent are highly preferred.
• Experience:
  • Minimum 8-10 years of experience in Information Security leadership, with at least 5 years in a IT Security Management or CISO or equivalent role.
  • Proven track record of managing cybersecurity programs, risk frameworks, and compliance in financial services or regulated industries.
• Skills & Competencies:
  • Strong understanding of regulatory frameworks, enterprise risk management, and cybersecurity standards.
  • Executive presence and ability to communicate complex technical issues to non-technical stakeholders.
  • Strong leadership, influence, and team-building skills across multidisciplinary teams.
  • Demonstrated experience in budget planning, project management, and strategic execution.
• Key Deliverables (Annual & Ongoing):
  • Annual Information Security Strategy and Risk Report
  • Quarterly Risk Assessments and Executive Dashboards
  • Cybersecurity Initiative Effectiveness Metrics
  • Cost Variance and Budget Utilization Reports
  • IT Security KPIs and SLA Performance Reviews