Head of Security

At Evooq, we are building an ecosystem of solutions that combine data, technology, and investment expertise. Finance professionals use our platform to quickly identify investment opportunities, make informed decisions, and manage risk across the entire investment lifecycle.

We operate through highly autonomous teams built on a culture of trust and responsibility.

Job description

Head of Security/ Security Manager/ Senior Security Engineer

Seniority: Senior/ Principal level

Location: Singapore

Contract type: Full-time permanent role

Work Environment: Hybrid, 3 days in the office

We are looking for a Head of Security (or a senior security leader ready to step into their first Head role) with strong engineering and technical security expertise to build and lead our security program. Reporting to the CTO, you will own the security of our SaaS platform, infrastructure, and corporate environment, while also enabling enterprise sales through an efficient, automated approach to compliance and customer trust.

This role is ideal for someone who has deep hands-on experience in cloud and application security, plus exposure to compliance and governance, and is motivated to step up and lead. We value a builder’s mindset and the ability to grow with us more than long résumés or rigid opinions.

You will be hands-on with cloud and application security, incident response, and detection, while also shaping how we approach governance and compliance. A key responsibility will be to automate as much as possible the GRC workflows (evidence collection, audit prep, questionnaire responses) so the company stays audit-ready without adding bureaucracy.

• Drive security across our SaaS platform and cloud infrastructure (AWS).
• Partner with Engineering to embed secure coding practices, automated scanning, and CI/CD security controls.
• Oversee vulnerability management, penetration testing, and incident response processes.
• Define and monitor security metrics, detections, and logging to ensure visibility and resilience.

• Own the company-wide security roadmap, aligning technical and business priorities.
• Lead risk management: identify, assess, and mitigate key risks.
• Build or adopt tooling to automate compliance evidence collection, security questionnaires, and audit reporting.
• Define and enforce access controls, identity management (SSO, MFA), and endpoint security in partnership with IT.

• Maintain compliance with ISO 27001, GDPR and other relevant standards.
• Lead external audits and security certifications, using automation to minimize manual effort.
• Streamline responses to enterprise customer security reviews and RFPs.

• Grow into leading a lean security team as the function expands.
• Manage relationships with external vendors and consultants (pen-testing, compliance support).
• Promote a culture of security awareness across the company.

• 5+ years in information security with a strong background in cloud and application security.
• Hands-on experience with AWS security, modern DevOps practices, and SDLC security.
• Proven ability to design and implement security tooling and automation.
• Familiarity with ISO 27001, GDPR or similar frameworks, ideally with an emphasis on automation.
• Comfortable representing security in customer conversations and enterprise due diligence.
• Strong communication skills: able to translate technical risks into business impact.
• Experience mentoring or guiding others; formal management experience a plus but not required.

• Startup or scale-up SaaS experience.
• Prior success with automation.
• Certifications such as CISSP, CISM, or cloud security certs (AWS).

Evooq is a global provider of technology-driven solutions for wealth managers. We are building an ecosystem that combines data, technology and investment expertise to make personalised investment scalable.

Wealth managers use our solutions to deliver personalised advice to investors with high-quality content and the best investment products.

We are headquartered in Lausanne, with additional offices in Zurich and Singapore.