Deputy Director/Director, Security, Governance, Risk & Compliance

LawNet Technology Services (LTS) is a wholly owned subsidiary of the Singapore Academy of Law (SAL), a promotion and development agency for Singapore’s legal industry. LTS is the technology company behind LawNet, a one‑stop law practice portal providing a complete suite of information and transactional solutions for the Singapore and global legal community.

We are seeking an experienced technology security and risk management professional to serve as the process owner of all assurance activities related to the availability, integrity and confidentiality of customer, business partner, employee and business information in compliance with the organisation's information security and IT risk management policies. The role requires a hands‑on approach in working with executive management to determine acceptable levels of risk for the organization. This position is responsible for establishing and maintaining a corporate‑wide information security and IT risk management program to ensure that information assets are adequately protected.

• Develop, implement and maintain a comprehensive enterprise information security and IT risk management programme aligned to SAL’s strategic objectives.
• Establish and enhance the Information Security and IT Governance Framework, including relevant policies, standards, procedures, controls and monitoring mechanisms.
• Define roles and accountabilities across the organisation relating to IT risk, security and data governance.
• Lead the development and implementation of data classification standards, ensuring consistent handling, protection and privacy of SAL and customer data.
• Maintain an up‑to‑date inventory of all IT assets across SAL Group, including associated risk profiles and mitigation roadmaps.
• Conduct ongoing assessments of IT risks and vulnerabilities, maintain the IT Risk Register, and ensure alignment with SAL’s Enterprise Risk Management (ERM) framework.
• Monitor compliance with IT governance, security and data handling standards through periodic control checks and audits.
• Partner closely with Business Units to facilitate risk assessments, technology planning and informed decision‑making on security and governance matters.
• Provide advisory on appropriate cybersecurity solutions, architectures and technologies.
• Investigate, respond to and resolve security incidents, and oversee the implementation of preventive controls and lessons learned.
• Raise organisation‑wide awareness and foster a culture of accountability for managing information security and IT assets.
• Engage with cross‑functional committees to ensure consistent security practices across technology projects and services.
• Contribute to strategic business technology planning by providing insights on emerging risks, security trends and future technology directions.

• Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program.
• Work directly with the business units to facilitate risk assessment and risk management processes.
• Develop and enhance an information security management framework.
• Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems and services.
• Provide leadership to the enterprise's information security organization.
• Partner with business stakeholders across the company to raise awareness of risk management concerns.
• Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems.

Lead the development, implementation and operation of policies, standards, practices, procedures and systems that govern the Management, Security and Privacy of IT assets in SAL Group.

• Set a Risk and Governance Framework for managing IT assets to support growth and compliance in SAL Group.
• Define roles and responsibilities related to IT risk and governance, ensuring clear accountabilities across the organisation.
• Define data classification for policy driven handling of SAL and customer data.
• Ensure smooth implementation and training of the Framework across all Business Units.
• Educate the business users on key data governance processes and foster a culture of accountability across the business to properly manage IT assets.
• Maintain IT Risk Register that dovetails with SAL’s Enterprise Risk Management (ERM).
• Ongoing monitoring of IT risk and governance compliance through control audits.
• Develop and maintain an up‑to‑date list of all IT assets in SAL Group, each with a detailed risk profile and a roadmap to mitigate identified risks.
• Implement mitigation measures for identified risks in accordance with prioritisation agreed with the Reporting Officer.
• Lead the investigation, resolution, prevention, and closure of realised risk and incidents.
• Provide leadership within the information security sphere through development of cyber security strategies and action plans.
• Formulate information security goals and establish policies, standards and procedures in line with cyber security directions of the SAL group as a whole.
• Provide advisory on the appropriate cyber security solutions and technologies to be deployed.

• Degree in a technology‑related field required.
• Minimum of 5 years of experience in a combination of risk management, information security and IT jobs.
• Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST.
• Excellent written and verbal communication skills and high level of personal integrity.
• Innovative thinking and leadership with an ability to lead and motivate cross‑functional, interdisciplinary teams.
• Experience with contract and vendor negotiations and management including managed services.
• Experience in Agile (scaled) software development or other best‑in‑class development practices.
• Experience with cloud computing/elastic computing across virtualised environments.
• Professional security management certification preferred.

Please indicate your current and expected salary in your application for our consideration.

The successful applicant will be placed on a two‑year contract in the first instance, and we regret to inform that only shortlisted candidates will be notified.