Group Chief Information Security Officer (GCISO)

The National Healthcare Group (NHG) is a leader in public healthcare in Singapore, recognised at home and abroad for the quality of its medical expertise and facilities. Care is provided through an integrated network of seven primary care polyclinics, acute care and tertiary hospitals, national specialty centres and business divisions. Together they bring a rich legacy of medical expertise to our philosophy of integrated patient‑centred care.

NHG's vision is "Adding Years of Healthy Life". This vision goes beyond merely healing the sick to the more difficult and infinitely more rewarding task of preventing illness and preserving health and quality of life. With some 22,000 staff, NHG aims to provide care that is patient‑centric, accessible, seamless, comprehensive, appropriate and cost‑effective.

As the Regional Health System (RHS) for Central‑North Singapore, it is vital for NHG to partner and collaborate with stakeholders, community advisors, and voluntary welfare organisations. Together with our patients, their families and caregivers, we aim to deliver integrated healthcare services and programmes that help in Adding Years of Healthy Life to all concerned.

The Group Chief Information Security Officer (GCISO) is responsible for establishing and maintaining the enterprise vision, strategy and security program to ensure information assets and technologies are adequately protected. This role involves leading the information security team, developing security policies and ensuring compliance with regulatory requirements. The GCISO will work closely with senior management to align security initiatives with business objectives and manage risk effectively.

• Develop and implement a comprehensive information security strategy that aligns with the organization's goals while ensuring compliance with public healthcare IT security policies and standards.
• Lead and support the information security team, fostering a culture of security awareness among IT staff and end users to keep them informed of security threats and appropriate responses.
• Conduct thorough risk assessments and manage security incidents, serving as the primary point of contact for all security‑related activities and ensuring timely response and recovery.
• Establish, maintain, and regularly update security policies, standards, and procedures to safeguard the organization's information assets and ensure compliance with relevant laws and regulations.
• Collaborate with IT and other departments to integrate security measures into all organizational operations, while conducting compliance checks for new projects and assessing their impact on the overall risk profile.
• Recommend and implement compensating controls for any deviations from established IT security policies and standards, continuously improving security practices across the organization.
• Monitor emerging threats and technologies, advising stakeholders on appropriate actions to mitigate risks and adapt the security strategy as necessary.
• Provide IT security advisory and consulting services to project teams ensuring that security considerations are integrated into all initiatives and projects.
• Participate and contribute as a member of the Senior Management team at C‑level, contributing to the organization's overall strategic initiatives beyond just IT, on overall organisation's initiatives, not limited to IT only.

• Degree in Computer Science, Information Technology or related field.
• Relevant certifications such as CISA, CISM and/or CISSP are highly desirable.
• Proven experience in a senior Information Security role, with at least 8 years of IT security experience in IT security infrastructure design and operations, and/or in an IT security compliance and assurance role.
• Hands‑on experience in cybersecurity architecture, governance and systems integration.
• Strong knowledge of information security frameworks, risk management and compliance requirements.
• Proficiency in security technologies and tools.
• Ability to engage confidently with senior stakeholders and translate technical risks into actionable business recommendations.
• Ability to work collaboratively across departments and with external partners.
• Strong analytical skills and attention to details.
• Strategic thinking and problem‑solving abilities.