Lead IT Security Officer

ASCENSION ADVISORY PTE. LTD.

Singapore

On-site

SGD 100,000 - 125,000

Full time

Yesterday

Job summary

A leading insurance firm in Singapore is looking for a Lead IT Security Officer to spearhead their information security strategy and manage cybersecurity operations. This role requires a strong leader with at least 8 years of experience in information security, strategic planning capabilities, and a proven track record in a management position. The ideal candidate will develop compliance strategies, lead risk assessments, and oversee cybersecurity metrics to protect the organization's assets. Competitive salary up to $7,000 with additional benefits.

Benefits

Outpatient Medical & Dental Benefits
Insurance Benefits
Variable Bonus

Qualifications

  • At least 8 years of experience in information security leadership.
  • Experience in an IT Security Management or CISO role.
  • Proven track record managing cybersecurity programs and risk frameworks.

Responsibilities

  • Lead development and management of the information security strategy.
  • Report directly to the CITO and mitigate cyber risks.
  • Oversee cybersecurity operations and resilience.

Skills

Information Security
Strategic Planning
Enterprise Risk Management
Security Management
Risk Management
Budget Planning
Project Management

Education

Bachelor’s Degree in Computer Science, Information Security or Information Technology

Tools

CISSP
CISM
CISA
CRISC
CCSP
Job description
Roles & Responsibilities
  • Position: Lead IT Security Officer
  • Well Established Singaporean General Insurance Firm
  • Working Hours: Monday - Friday (8:30am – 5:30pm)
  • Salary (commensurate with experience): Up to $7,000 + Variable Bonus
  • Working Location: Raffles
  • Outpatient Medical & Dental Benefits Provided
  • Insurance Benefits Provided
  • Duration: Permanent
  • Industry: Insurance
Main Responsibilities
  • Responsible for leading the development, execution, and management of the enterprise-wide information security strategy, architecture, and program at the company.
  • Reporting directly to the CITO, work across departments to protect the organization’s information assets, mitigate cyber risks, and ensure alignment between business and security objectives.
  • Involved in strategic planning, policy formulation, risk management, and hands‑on oversight of cybersecurity operations and IT infrastructure resilience.
Strategic Leadership & Governance
  1. Define and implement the enterprise-wide Information Security Strategy in alignment with the company’s business goals and regulatory requirements.
  2. Serve as the primary advisor to the CITO and executive leadership on all cybersecurity and risk matters.
  3. Lead the development, approval, implementation, and adherence of information security policies, procedures, and standards.
  4. Ensure business units understand and adhere to the organization’s security objectives and practices.
Risk Management & Compliance
  1. Lead comprehensive Information Security Risk Assessments across internal and external domains, including third-party/vendor risks.
  2. Design and oversee a formal Information Security Risk Management Plan, regularly reporting risk metrics and mitigation effectiveness.
  3. Ensure continuous compliance with relevant regulatory, industry, and internal standards (e.g., MAS TRM Guidelines, ISO 27001).
  4. Conduct periodic audits and reviews of cybersecurity controls and frameworks.
Operational Excellence & Metrics
  1. Manage the IT Infrastructure and Information Security Budget efficiently, ensuring Cost Variance (CV) is minimized.
  2. Establish performance metrics such as: Cost Efficiency of IT Security investments, System Uptime vs. Downtime (Availability), Incident Volume, Resolution Time, Aging Reports, Vendor SLA Performance and operational KPIs.
  3. Develop business cases and ROI justifications for information security initiatives and technologies.
Cybersecurity Initiatives & Incident Response
  1. Oversee the implementation and continuous improvement of Cybersecurity Programs, ensuring proactive threat detection, response, and mitigation.
  2. Monitor and report on security posture through metrics such as: Number of breaches avoided, Time to detect and respond to incidents, Compliance level with cybersecurity standards.
  3. Lead security incident response efforts, coordinating cross‑functional support and communication.
Technology & Innovation
  1. Evaluate emerging cybersecurity technologies, practices, and innovations aligned with the company’s strategic IT direction.
  2. Ensure security assurance for all strategic IT initiatives by identifying suitable controls and countermeasures.
  3. Drive continuous improvement and maximize business value from IT Security investments through innovation and scalability.
Annual Deliverables
  1. Annual Information Security Strategy and Risk Report
  2. Quarterly Risk Assessments and Executive Dashboards
  3. Cybersecurity Initiative Effectiveness Metrics
  4. Cost Variance and Budget Utilization Reports
  5. IT Security KPIs and SLA Performance Reviews
Requirements
  • Minimum Bachelor’s Degree in Computer Science, Information Security or Information Technology.
  • At least 8 years of experience in information security leadership with at least 5 years in an IT Security Management or CISO role.
  • Proven track record of managing cybersecurity programs, risk frameworks, and compliance in financial services or regulated industries.
  • Strong understanding of regulatory frameworks, enterprise risk management, and cybersecurity standards.
  • Executive presence and ability to communicate complex technical issues to non‑technical stakeholders.
  • Strong leadership, influence, and team‑building skills across multidisciplinary teams.
  • Demonstrated experience in budget planning, project management, and strategic execution.
  • Professional certifications such as CISSP, CISM, CISA, CRISC, CCSP, or equivalent are an added advantage.

Email to: henry.heng@ascension-sg.com for more information.

***We do not charge our candidates any referral fee nor bind them with any contract. ***

Henry Heng

Consulting Manager

Reg no.: R1982999

EA No: 25C2861
