IT Security Manager

In this role, you will be a part of Specialists team to drive IT Security initiatives for Prudential Singapore. As part of this dynamic role, you will report to Head, IT Security, and work closely with business units and other IT teams to keep Prudential safe.

• Maintain technology standards, processes and specifications in the implementation of Technology Risk Management and IT Security.
• Manages IT Security projects and resolve new/complex problems which may impact the Prudential Singapore security posture.
• Implement, and maintain the organisation’s information security strategy and procedures in alignment with regulatory requirements and Group policies and standards.
• Monitor the IT Security metrics to identify vulnerabilities, threats and events / incidents and responding promptly to mitigate risk and minimize impact.
• Perform relevant security analysis / assessments or engage vendor to perform penetration tests to identify and address potential threats.
• Support the cyber security incident response process.
• Ensure compliance with financial sector regulations, such as MAS TRM Guidelines, and other relevant local and international standards.
• Collaborate with other IT departments, Risk, and Compliance to integrate security measures into business processes and technology initiatives.
• Develop and deliver security awareness programmes for staff across the organisation, fostering a culture of security and compliance.
• Oversee third‑party risk management, including security assessments of vendors and service providers.
• Prepare regular security reports, metrics, and recommendations to senior management.
• Train, develop and share IT Security knowledge with Team members.

• Scripting and programming experience (Java, NodeJs, Xcode) will be beneficial.
• Good knowledge and experience of using a variety of penetration testing and threat modelling tools including open source and commercial mapping.
• Good Knowledge of SDLC, Database, Application, and Web server design and implementation.
• Knowledge and experience on Agile, Scrum frameworks, CI/CD will be beneficial.
• Web Application, Mobile Application and API security experience with good understanding of related vulnerabilities and control measures.
• Good working knowledge and experience on three (3) or more of the following areas: Web/Mobile application Penetration Testing, Secure Code Reviews, Secure Static Code analysis, Dynamic Code Analysis and Vulnerability Assessments.
• Knowledge of cloud and cloud security technologies and concepts.
• Good understanding of local government regulations (MAS TRM, MAS Outsourcing Guidelines, PDPA).
• Experience with industry compliance, security standards and/or frameworks including one or more of the following: PCI‑DSS, ISO 27001, NIST.
• Independent and works well across different functions.
• Excellent problem analysis skill. Innovative and creative in developing solutions.
• Strong sense of drive and commitment to deliver on responsibilities.
• Ability and willingness to be hands‑on.
• Adept at explaining technical jargon to non-technical professionals.
• Strong collaboration and partnering skills.
• Readiness to become a thought leader for aspects of cyber security across multiple domains.