Security Lead

Liquid Group is a FinTech payments services group based in Singapore. Liquid empowers and connects businesses and individuals to make transactions in a smart, secure and cost-effective way, anywhere in the world.

We operate a regional payment network to enable cross-border QR payment services for e-wallet operators, banks, and merchants. We also provide white-label solutions to accelerate the development and adoption of mobile payments for our business partners.

We work in a collaborative and adaptive way, exploring innovative ideas and solving challenging problems to develop our products. Together, we ensure efficiency, security, and convenience for our partners and customers.

Website: www.liquidgroup.sg

• Design, implement, and maintain information security policies, standards, and controls.
• Monitor internal and external threats, vulnerabilities, and risks. Lead response and remediation efforts.
• Lead incident response planning and conduct tabletop exercises.
• Develop and maintain threat models and security monitoring processes.
• Oversee implementation of endpoint protection, intrusion detection/prevention, SIEM, and DLP solutions.

• Ensure compliance with MAS TRM Guidelines, PDPA, and other relevant standards (ISO 27001, PCI-DSS).
• Participate in internal audits and liaise with external auditors and regulatory bodies.
• Perform regular risk assessments and develop mitigation plans.

• Partner with DevOps to integrate security into CI/CD pipelines, infrastructure as code, and application development workflows.
• Review security implications of infrastructure design (AWS, microservices, APIs).
• Conduct secure code reviews and security testing (SAST/DAST).
• Choose and deploy tools for improved observability and monitoring

• Drive security training, phishing simulations, and awareness programs across the company.
• Build a security-first culture through education and regular updates.

• Evaluate and manage third-party security vendors, tools, and contracts.
• Assess security posture of vendors and partners in line with regulatory expectations.

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field.
• 5–8 years of experience in cybersecurity, with 2+ years in a lead or senior role.
• Experience working in FinTech or financial services is a strong advantage.
• Strong knowledge of IS027001 and other relevant security standards frameworks.
• Hands‑on experience with AWS security, APT landscape and tools, SIEM and log management, firewalls, DDOS and other endpoint protection.
• Familiarity with DevSecOps practices and secure software development lifecycle (SSDLC).
• Professional certifications preferred: CISSP, CISM, CEH, or equivalent.
• Strong problem‑solving and analytical skills.
• Excellent communication skills with the ability to explain complex security topics to non‑technical stakeholders.
• High sense of ownership, integrity, and confidentiality.
• Ability to work cross‑functionally.