Head of Information Security

NTUC FIRST CAMPUS LIMITED

Singapore

On-site

SGD 120,000 - 160,000

Full time

Yesterday

Job summary

A leading education provider in Singapore seeks an experienced cybersecurity leader to manage risk and compliance across its technology services. The successful candidate will oversee all aspects of cybersecurity operations, ensuring strong governance and effective risk management strategies. With over 10 years of experience required, this position emphasizes collaboration with various stakeholders and the ability to drive large-scale transformation initiatives. Strong leadership, communication skills, and relevant certifications are crucial for this role.

Qualifications

  • Minimum 10+ years in Information Security, Cybersecurity, or Technology Risk.
  • At least 5 years in a senior leadership role.
  • Expertise in developing and implementing security policies.

Responsibilities

  • Build relationships to identify and manage cybersecurity risks.
  • Lead incident response and vulnerability management efforts.
  • Develop and implement cybersecurity frameworks and policies.

Skills

Cybersecurity Risk Management
Stakeholder Management
Incident Response
Compliance
Vendor Management
Communication Skills
Communication

Education

Degree in Computer Science or related field
CISSP, CISA, CISM or similar certifications

Tools

CISSP Certification
CISM Certification
CISA Certification
Job description
Overview

The Digital & Technology (IT) Department supports the organisation’s mission by delivering secure, reliable, and user‑centric technology services across all preschools and corporate functions. The team oversees core enterprise systems, network and infrastructure operations, digital learning platforms, and centre‑based technologies.

Working closely with educators, operations, and corporate teams, the department drives digital transformation, enhances service delivery, and ensures strong data governance. Its key functions include IT infrastructure and operations, enterprise applications, digital solutions, and cybersecurity governance.

Key Responsibilities
1. Cybersecurity Risk Management & Stakeholder Partnership
  • Build strong relationships with senior business leaders to identify, assess, prioritise, and mitigate cybersecurity risks.
  • Provide expert cyber risk advisory for day‑to‑day operations and major technology or transformation projects.
  • Ensure clear accountability for risk ownership and support stakeholders in executing mitigation actions.
  • Present emerging risks, incidents, and key issues to senior management clearly and concisely.
2. Cybersecurity Resilience & Operations
  • Lead proactive Threat & Vulnerability Management, and Incident Response.
  • Lead the team to effectively manage the 24/7 Security Operations function, ensuring high‑fidelity alerting and effective remediation.
  • Ensure security architecture & design reviews are performed for all major projects, embedding security early in the development lifecycle.
3. Cross‑Functional Collaboration & Advisory
  • Work closely with Group Security, Risk Management, HR, Legal, Compliance, and Internal Audit teams.
  • Serve as the subject‑matter expert on security compliance, regulatory requirements, and enterprise risk frameworks.
  • Support internal and external audit engagements, ensuring findings are addressed and governance maturity is strengthened.
4. Security Governance, Policies & Standards
  • Lead the development, implementation, and continuous improvement of the cybersecurity framework.
  • Define and maintain security policies, procedures, standards, and guidelines aligned to PDPA, regulatory obligations, and best practices.
  • Ensure robust security controls are embedded across systems, infrastructure, and business operations.
5. IT Governance
  • Lead the development, implementation, and continuous improvement of a robust IT governance framework for our technology landscape.
  • Identify and close process and governance gaps, ensuring that all IT practices, technology initiatives and operations align with our organisational goals.
  • Establish and track key performance indicators (KPIs) and metrics to measure D&T performance and the effectiveness of the governance framework.
  • Manage enterprise risks related to D&T, assess impact, track effectiveness of existing control measures, define and track the implementation of additional control measures.
  • Prepare and present regular reports to senior management and the board on the state of technology governance, risk, and compliance.
6. Audit, Assurance & Regulatory Compliance
  • Coordinate external audits, regulatory inspections, and security assessments.
  • Ensure timely provision of audit evidence and execution of remediation plans.
  • Maintain documentation supporting compliance and governance across all business units.
7. Technology Risk Advisory & IT Partnership
  • Partner with other teams within the Digital & Technology department to provide guidance on technology risks, regulatory obligations, and project‑related security requirements.
  • Conduct risk assessments on critical IT assets including applications, infrastructure, cloud services, emerging technologies, and centre‑based systems.
  • Offer actionable recommendations to IT and business stakeholders to support secure technology adoption.
8. Reporting & Senior‑Level Communication
  • Communicate cyber risks, key metrics, threat trends, and control effectiveness to senior stakeholders.
  • Translate technical and cybersecurity concepts into clear business language to support informed decision‑making.
  • Escalate significant risks or incidents appropriately with clear remediation recommendations.
9. Team & People Management
  • Lead, mentor, and develop the Information Security team across governance, risk, assurance, and operational functions.
  • Build a high‑performing capability through clear goals, professional development, and skills uplift.
  • Foster a collaborative, security‑first culture across IT and business teams.
  • Manage resources, vendor partnerships, and workload allocation to ensure effective delivery of security initiatives.
  • Drive continuous improvement, knowledge sharing, and a culture of accountability within the team.
Requirements
  • Degree in Computer Science, Information Systems, Engineering, or a related field.
  • Professional certifications preferred: CISSP, CISA, CISM, OSCP, CASP, or CCS.
  • Minimum 10+ years of progressive experience in Information Security, Cybersecurity, or Technology Risk.
  • At least 5 years in a senior leadership role overseeing security functions or ICT operations.
  • Proven track record in leading large‑scale transformation programmes and managing change in fast‑moving environments.
  • Strong experience in vendor management and oversight of third‑party security providers.
  • Extensive experience forming, implementing, and monitoring security policies, standards, and procedures.
  • Solid working knowledge of ICT operations, security architecture, security governance, vulnerability management, and incident response.
  • Strong interpersonal, communication, and stakeholder management skills.
  • Strategic thinker with the ability to develop and execute security strategies aligned to business needs.
  • Highly adaptable, with the ability to lead teams through shifting priorities and organisational changes.
  • Strong understanding of emerging technologies, evolving cyber threats, and best‑practice security frameworks.
  • Ability to work effectively with cross‑functional and multi‑disciplinary teams.
  • Skilled in risk assessment, threat and vulnerability management, incident management, compliance, and digital governance.
  • Business‑ and customer‑focused mindset with strong problem‑solving and decision‑making abilities.