331 Chief Information Security Officer jobs in Singapore

Responsibilities:
Lead the agency-level cybersecurity function in supporting agency digital transformation initiatives whilst ensuring digital resilience of agency systems.
Formulate and implement agency cybersecurity strategies, policies and work plans, ensuring continuous alignment with agency's business strategic goals.
Review and enhance risk management through threat-based risk assessments, risk mitigations, risk monitoring and reporting.
Provide consultation and endorse risk management and mitigation plans from agency’s project teams.
Govern and enhance the agency's security posture by maintaining visibility and oversight of ICT assets, security architectures, and cybersecurity operations code of practices.
Develop and maintain incident response plan and playbooks. This involves planning, designing and conduct of security incident response workshops and exercises (table-top exercises, simulation and drills) as well as lead the investigation and management of ICT security incidents.
Provide advisory and recommendations on appropriate cybersecurity technologies to be deployed that meets agency’s business requirements and aligned with WOG-wide advisories and practices.
Ensure secure by design ICT product development, and that security controls implementations comply with the defined security policies, standards and guidelines.
Develop and maintain effective cybersecurity awareness and training programmes
Requirements:
Degree in Computer Science, Information Systems, Engineering or related Technology field.
At least 8-10 years of management experience related to information security and solid grasp of ICT operations, security policies, business processes and the relationship between them.
Ability to work with multi-functional, multi-disciplined teams to formulate, institute real time awareness of security posture and baseline among end users.
Good interpersonal and partner/executive leadership skills.
Demonstrate knowledge and experience in security by design implementations, review of system architecture, devsecops practices, Infrastructure as Code (IaC) tools and securing CI/CD pipelines.
Demonstrate understanding of cloud service models (IaaS, PaaS, SaaS), coupled with a strong understanding of core cloud services and modern cloud-native architectures (serverless, containers, microservices).
Identify on-premises and cloud-specific cybersecurity risks and threats, demonstrating skills to thoroughly assess their impact and likelihood. This assessment encompasses, but is not limited to, secure configurations, insider threats, vendor risks, data leakage, malwares including ransomware, account hijacking, and compliance risks.
Evaluate the effectiveness of existing controls and recommending appropriate mitigation strategies for on-premises and cloud-related cybersecurity and data security issues.
Display understanding of emerging threats and technologies, and the ability to translate risk into business impact.
Strong understanding of compliance requirements and the ability to identify potential violations in on-premises or cloud environments.
Able to communicate cyber security topics effectively to senior stakeholders.
Minimally possess CISSP certification, preferably with other related certifications, e.g. CISM, CCSP, GCIH that demonstrates continuous learning and knowledge of industry best practices.
We believe in being Agile, Bold and Collaborative, and are looking for people who identify with these values.
#J-18808-Ljbffr

Our client is a government agency which supports ICT delivery services. This is a leadership role that requires technical proficiency demonstrated in multiple cybersecurity domains.

Responsibilities:

• Lead the agency-level cybersecurity function in supporting agency digital transformation initiatives whilst ensuring digital resilience of agency systems.
• Formulate and implement agency cybersecurity strategies, policies and work plans, ensuring continuous alignment with agency's business strategic goals
• Review and enhance risk management through threat-based risk assessments, risk mitigations, risk monitoring and reporting.
• Provide consultation and endorse risk management and mitigation plans from agency’s project teams.
• Govern and enhance the agency's security posture by maintaining visibility and oversight of ICT assets, security architectures, and cybersecurity operations code of practices.
• Develop and maintain incident response plan and playbooks. This involves planning, designing and conduct of security incident response workshops and exercises (table-top exercises, simulation and drills) as well as lead the investigation and management of ICT security incidents.
• Provide advisory and recommendations on appropriate cybersecurity technologies to be deployed that meets agency’s business requirements and aligned with WOG-wide advisories and practices.
• Ensure secure by design ICT product development, and that security controls implementations comply with the defined security policies, standards and guidelines.
• Develop and maintain effective cybersecurity awareness and training programmes

Requirements:

• Degree in Computer Science, Information Systems, Engineering or related Technology field
• At least 8-10 years of management experience related to information security and solid grasp of ICT operations, security policies, business processes and the relationship between them.
• Ability to work with multi-functional, multi-disciplined teams to formulate, institute real time awareness of security posture and baseline among end users.
• Good interpersonal and partner/executive leadership skills.
• Demonstrate knowledge and experience in security by design implementations, review of system architecture, devsecops practices, Infrastructure as Code (IaC) tools and securing CI/CD pipelines
• Demonstrate understanding of cloud service models (IaaS, PaaS, SaaS), coupled with a strong understanding of core cloud services and modern cloud-native architectures (serverless, containers, microservices)
• Identify on-premises and cloud-specific cybersecurity risks and threats, demonstrating skills to thoroughly assess their impact and likelihood. This assessment encompasses, but is not limited to, secure configurations, insider threats, vendor risks, data leakage, malwares including ransomware, account hijacking, and compliance risks.
• Evaluate the effectiveness of existing controls and recommending appropriate mitigation strategies for on-premises and cloud-related cybersecurity and data security issues.
• Display understanding of emerging threats and technologies, and the ability to translate risk into business impact
• Strong understanding of compliance requirements and the ability to identify potential violations in on-premises or cloud environments.
• Able to communicate cyber security topics effectively to senior stakeholders.
• Minimally possess CISSP certification, preferably with other related certifications, e.g. CISM, CCSP, GCIH that demonstrates continuous learning and knowledge of industry best practices.
• We believe in being Agile, Bold and Collaborative, and are looking for people who identify with these values.

Responsibilities

• Produce cyber security strategies and work plan, policies, standards and guidelines
• Support digitalisation planning and aligning with ICT security strategy goals and policy baselines.
• Perform regular Gap analysis.
• Oversee ICT security matters (approving and tracking ICT security work plan and resourcing, monitoring performance in security indicators and risk acceptance decisions).
• Regular reviews of all ICT systems across different operating environments, the systems' security design, implementation and operations.
• Conduct Cybersecurity risk assessment and acceptance processes at the management level.
• Review, consult and endorse risk management and mitigation plans from project teams.
• Advise on cyber security solutions and technologies to be deployed suitable to business operations and aligned with WOG-wide advisories and practices.
• Ensure compliance to the defined security policies, standards and guidelines.
• Create and execute end user security awareness programmes
• Establish defined processes for Threat and Incident Management.
• Ownership of security incident response workshops and exercises (table-top exercises, simulation and drills)
• Lead investigation and management of ICT security incidents.

Requirement

• Degree in Computer Science, Information Systems, Engineering or a related Technology based education.
• Minimum 5 years of information security management experience
• Skilled in evaluating the effectiveness of existing controls and recommending appropriate mitigation strategies for on-premises and cloud-related cybersecurity and data security issues.
• Able to identify on-premises and cloud-specific cybersecurity risks and threats as well as potential violations in on-premises or cloud environments
• Able to collaborate with multi-functional, multi-disciplined teams to formulate, institute real time awareness of security posture and baseline among end users.
• Demonstrate skills to thoroughly assess cybersecurity risks/threats impact
• Solid grasp of ICT operations, security policies, business processes and the relationship between them.
• Knowledge or experience in Infrastructure as Code (IaC) tools such as Terraform and Ansible, including their application in maintaining and automating secure on-premises and cloud environments.
• Strong understanding of insider threats, vendor risks, data leakage, malwares including ransomware, account hijacking, and compliance risks.
• Strong understanding of compliance requirements
• Good interpersonal and partner/ executive leadership skills.
  CISSP/ CISM/ CISA certifications are advantageous.

Ethos Search Associates Pte. Ltd.

EA Licence No: 13C6655

EA Reg No: R Jacky Chong

• Strategic Security Leadership
• Lead, define and execute the organization's information security strategy, policies, andgovernance frameworks.
• Participate and provide regular updates in executive meetings and security-related boarddiscussions.
• Evaluate and recommend new security technologies, processes, and solutions.
• Risk Management & Compliance
• Oversee risk assessments, security audits, and penetration testing activities.
• Ensure compliance with relevant industry standards (e.g., ISO 27001, ISO 27017, ISO 27018,NIST CSF, CIS Controls) and regulatory requirements (e.g., GDPR, PDPA, HIPAA).
• Develop and maintain risk registers, ensuring timely mitigation and remediation actions.
• Incident Response & Threat Management
• Lead incident detection, response, and recovery activities in coordination with the SOC and ITteams.
• Manage post-incident reviews and ensure lessons learned are incorporated into futuresecurity measures.
• Monitor the threat landscape and ensure proactive measures against potential attacks.
• Security Operations Oversight
• Support the management of security operations centres (SOCs) and ensure effective use ofSIEM, EDR, and other monitoring tools.
• Oversee access control, data protection, and identity management programs.
• Collaborate with Project teams and DevSecOps teams to embed security in systemsdevelopment and infrastructure changes.
• Liaise with external vendors for source code scanning, penetration, vulnerability and securitytesting
• Work with QA teams to test for vulnerabilities in projects
• Conduct security audit and review for projects
• Recommend solutions to fix security issues
• Awareness & Training
• Drive organization-wide security awareness programs and phishing simulations.
• Provide guidance and mentorship to security and IT staff.
• Promote a culture of security across business units.

• Educational & Professional Qualifications:
• Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a relatedfield.
• Professional certifications such as CISSP, CISM, CISA, CRISC, OSCP, ISO 27001 LeadAuditor or equivalent are strongly preferred.
• Experience & Skills:
• Proven experience managing ISO frameworks and enterprise security tools (SIEM, EDR,IDS/IPS, firewalls).
• Experience with cloud security (AWS, Azure, GCP), network security, and applicationsecurity.
• Demonstrated experience in incident response, threat intelligence, and security governance.
• Proven experience in application and system vulnerability assessments.
• Hands-on experience with source code scanning, penetration testing, and security testingmethodologies.
• Familiarity with security tools and testing frameworks.
• Strong understanding of cybersecurity principles and best practices.
• Experience conducting security audits and reviews for various projects.
• Ability to analyze security issues and recommend effective solutions.
• Knowledge of ISO 27001 standards and involvement in ISO 27001 audits is desirable.
• Strong leadership, analytical, and communication skills to liaise with internal teams andexternal vendors.
• Strong problem-solving skills and attention to detail.
• Ability to work collaboratively in a project environment.
• Up-to-date knowledge of emerging security threats and technology trends.
• Good documentation and report-writing skills

Coinhako is a leading digital assets platform headquartered in Singapore.

Founded in 2014, Coinhako has established a reputation as being one of the most secure and trusted digital asset wallet service providers and trading platforms in the APAC market. Our team is deeply passionate about building the crypto economy in the APAC region. Through the launch of our innovative suite of products and services, Coinhako aims to empower individuals and businesses by allowing them to take ownership and control of the way they build and manage their assets in the new digital finance world.

In line with our expansion, we are looking for motivated individuals with a passion for the crypto space.

Your role:

• Design, implement, and maintain a secure and reliable cloud infrastructure platform.
• Analyzing and collecting data/metadata from cloud systems (IAM, VPC, Cloud audit log…) to determine the abnormal behavior/traffic of cloud systems.
• Develop, optimize, and automate the build and deployment processes for the provisioning application, using security and cloud best practices.
• Secured containerized applications and Kubernetes clusters (Vulnerability, Harderning, Network Policies).
• Reviewing and addressing cyber-security issues as well as proposed security solution and architecture.
• Performing research to stay abreast of new technologies and security vulnerabilities preferably in a distributed, cloud, or micro-service environment.

Our expectations:

• BA in Engineering, Computer Science or similar relevant field
• Minimum 15 years of experience in IT security
• Knowledge on secured public cloud deployments for infrastructure and applications running on the public cloud: GCP, AWS.
• Security Software and hardware, including but not only: Access Control systems, Controller panels, Reader, Server Video Management systems, Network video recorder, cloud based Video, Video analytic Tools Visitor management systems
• Deep understanding of the security integration industry in Asia

What's in for you:

• Friendly and fun start-up work culture
• Convenient work location located in the heart of CBD area
• Generous annual leaves on top of national holidays
• Medical coverage including GP, Specialist, TCM and more
• Self-care benefits and exciting fitness workshops/webinars
• Vibrant office with well-stocked pantry

Find out more about Coinhako here and don't forget to visit our Careers Page

Strategic Security Leadership

• Lead, define and execute the organization's information security strategy, policies, and governance frameworks.
• Participate and provide regular updates in executive meetings and security-related board discussions.
• Evaluate and recommend new security technologies, processes, and solutions.

Risk Management & Compliance

• Oversee risk assessments, security audits, and penetration testing activities.
• Ensure compliance with relevant industry standards (e.g., ISO 27001, ISO 27017, ISO 27018, NIST CSF, CIS Controls) and regulatory requirements (e.g., GDPR, PDPA, HIPAA).
• Develop and maintain risk registers, ensuring timely mitigation and remediation actions.

Incident Response & Threat Management

• Lead incident detection, response, and recovery activities in coordination with the SOC and IT teams.
• Manage post-incident reviews and ensure lessons learned are incorporated into future security measures.
• Monitor the threat landscape and ensure proactive measures against potential attacks.

Security Operations Oversight

• Support the management of security operations centres (SOCs) and ensure effective use of SIEM, EDR, and other monitoring tools.
• Oversee access control, data protection, and identity management programs.
• Collaborate with Project teams and DevSecOps teams to embed security in systems development and infrastructure changes.
• Liaise with external vendors for source code scanning, penetration, vulnerability and security testing
• Work with QA teams to test for vulnerabilities in projects
• Conduct security audit and review for projects
• Recommend solutions to fix security issues

Awareness & Training

• Drive organization-wide security awareness programs and phishing simulations.
• Provide guidance and mentorship to security and IT staff.
• Promote a culture of security across business units.

Requirements

Educational & Professional Qualifications:

• Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field.
• Professional certifications such as CISSP, CISM, CISA, CRISC, OSCP, ISO 27001 Lead Auditor or equivalent are strongly preferred.

Experience & Skills:

• Proven experience managing ISO frameworks and enterprise security tools (SIEM, EDR, IDS/IPS, firewalls).
• Experience with cloud security (AWS, Azure, GCP), network security, and application security.
• Demonstrated experience in incident response, threat intelligence, and security governance.
• Proven experience in application and system vulnerability assessments.
• Hands-on experience with source code scanning, penetration testing, and security testing methodologies.
• Familiarity with security tools and testing frameworks.
• Strong understanding of cybersecurity principles and best practices.
• Experience conducting security audits and reviews for various projects.
• Ability to analyze security issues and recommend effective solutions.
• Knowledge of ISO 27001 standards and involvement in ISO 27001 audits is desirable.
• Strong leadership, analytical, and communication skills to liaise with internal teams and external vendors.

Strategic Security Leadership

• Lead, define and execute the organization's information security strategy, policies, and governance frameworks.
• Participate and provide regular updates in executive meetings and security-related board discussions.
• Evaluate and recommend new security technologies, processes, and solutions.

Risk Management & Compliance

• Oversee risk assessments, security audits, and penetration testing activities.
• Ensure compliance with relevant industry standards (e.g., ISO 27001, ISO 27017, ISO 27018, NIST CSF, CIS Controls) and regulatory requirements (e.g., GDPR, PDPA, HIPAA).
• Develop and maintain risk registers, ensuring timely mitigation and remediation actions.

Incident Response & Threat Management

• Lead incident detection, response, and recovery activities in coordination with the SOC and IT teams.
• Manage post-incident reviews and ensure lessons learned are incorporated into future security measures.
• Monitor the threat landscape and ensure proactive measures against potential attacks.

Security Operations Oversight

• Support the management of security operations centres (SOCs) and ensure effective use of SIEM, EDR, and other monitoring tools.
• Oversee access control, data protection, and identity management programs.
• Collaborate with Project teams and DevSecOps teams to embed security in systems development and infrastructure changes.
• Liaise with external vendors for source code scanning, penetration, vulnerability and security testing
• Work with QA teams to test for vulnerabilities in projects
• Conduct security audit and review for projects
• Recommend solutions to fix security issues

Awareness & Training

• Drive organization-wide security awareness programs and phishing simulations.
• Provide guidance and mentorship to security and IT staff.
• Promote a culture of security across business units.

Requirements

Educational & Professional Qualifications:

• Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field.
• Professional certifications such as CISSP, CISM, CISA, CRISC, OSCP, ISO 27001 Lead Auditor or equivalent are strongly preferred.

Experience & Skills:

• Proven experience managing ISO frameworks and enterprise security tools (SIEM, EDR, IDS/IPS, firewalls).
• Experience with cloud security (AWS, Azure, GCP), network security, and application security.
• Demonstrated experience in incident response, threat intelligence, and security governance.
• Proven experience in application and system vulnerability assessments.
• Hands-on experience with source code scanning, penetration testing, and security testing methodologies.
• Familiarity with security tools and testing frameworks.
• Strong understanding of cybersecurity principles and best practices.
• Experience conducting security audits and reviews for various projects.
• Ability to analyze security issues and recommend effective solutions.
• Knowledge of ISO 27001 standards and involvement in ISO 27001 audits is desirable.
• Strong leadership, analytical, and communication skills to liaise with internal teams and external vendors.

The Pepperstone story started in 2010. We know what it’s like to trade the world’s markets. Our team describes us as a place for the curious and the driven, and we like to do things a little differently; as a transformative global fintech we’re digital, nimble, connected, and united in our vision to create a better way to trade. We thrive on progress – for our clients and for ourselves. Our organisational culture is ever-evolving, vibrant, diverse, global and results focused. You’ll find our 550+ team currently across 11 locations and 9 time zones.
The Role
A new chapter unfolds at Pepperstone as we mature our security team to create a pivotal leadership role - Chief Information Security Officer (CISO). This is more than a job; it’s an opportunity to shape the future of security for a global fintech innovator at the intersection of traditional and digital finance. You’ll be leading the charge, building the blueprint, and embedding a security-first mindset into every corner of our global operations.
The CISO will be responsible for building and executing a comprehensive cybersecurity strategy that safeguards our clients, platforms, and data across borders. You’ll work directly with the CTO and act as a trusted advisor to senior leadership and the Board with a particular focus on navigating the unique security challenges in the fintech and trading industry.
This is a hands-on, strategic, and highly visible role, ideal for someone who thrives on complexity, leads with clarity, and can turn security into a business enabler.
This role is based in either Melbourne or Singapore working from our local offices.
As our CISO, you will own:
Security Strategy & Leadership- Drive our global cybersecurity strategy, embed a security-first culture, and lead a team of 15 across key security domains.
Compliance & Risk Ensure compliance with global regulations (GDPR, MiCA, FATF, AML/KYC) and maintain a strong risk management framework.
Threat Intelligence & Response Build threat intel capabilities, lead incident response plans, and stay ahead of evolving attack vectors.
Security Architecture & Operations Oversee our SOC and design scalable, secure architecture across hybrid environments.
Data Protection Implement and enforce strong data privacy and DLP controls to safeguard sensitive data.
Vendor & Third-Party Security Assess and manage security risks across our vendor ecosystem.
Stakeholder Communication Advise ExCo and the board, and champion a security-aware culture across the business.
Proactive Security & Automation Lead red-teaming, threat hunting, and build security automation to stay one step ahead.
About you
10+ years in information security leadership, including experience as a CISO or Deputy CISO preferably in the financial services or fintech industry, with specific trading industry experience
Deep understanding of cybersecurity principles, frameworks, and technologies.
Proven experience in building and leading proactive security programs, including threat hunting, vulnerability research, and red teaming.
Track record of building and scaling global security programs across regulated environments
Strong familiarity with global regulatory frameworks related to Forex and trading
Proven ability to lead teams, influence cross-functional stakeholders, and communicate complex issues clearly
Comfortable getting hands-on when needed from tooling to threat modeling
A mindset focused on enablement, not just enforcement
Ability to work across time zones in a matrix environment
Ability to travel overseas as required ad hoc
Familiarity with security considerations in financial trading platforms and emerging digital assets will be highly regarded.
Knowledge of decentralised technologies, cryptographic protocols, or digital custody models is considered an advantage.
Experience working across both traditional and innovative market infrastructures is preferred.
Why you will enjoy working with us
Competitive salary structure including company bonus scheme
Genuinely collaborative and friendly culture
Flexible and hybrid working
Remote working option - work from anywhere for up to 6 weeks per year
Ongoing personal development & learning opportunities
3 paid volunteering days per year & Workplace Giving Program
Periodic recognition and reward programs for outstanding performance and achievements
Frequent events and celebrations
Employee Assistance Program & Wellbeing Initiatives
More about Pepperstone
We’re a regulated online Forex and CFD trading platform. With the scale of a global fintech and the agility of a start-up, we arm our clients with everything they need to take on the global markets with confidence. You will be part of a wider passionate and friendly team, and whilst things may not always go to plan, we learn quickly and move forward with impact. To learn even more visitand
We understand it’s important to do due diligence on a prospective employer, see what our team are saying on. We respect our team members’ experiences and will never pay to remove a negative review.
Pepperstone is an equal opportunity employer. We are passionate about building a diverse workplace and strongly encourage applications from any background.
“We are a 2025 Circle Back Initiative Employer – we respond to every applicant”.
We will be reviewing applications as they come through, so if this is an opportunity that excites you, don't wait. Express your interest by clicking the apply button below as soon as possible.
Note to external agencies: While we appreciate the efforts of external recruitment agencies, we prefer to engage directly with applicants for this opportunity.
#J-18808-Ljbffr

Position Summary

The Chief Information Security Officer (CISO) is the senior executive responsible for protecting the organization's information assets. This role leads the cybersecurity strategy, manages risk, and ensures compliance while aligning security initiatives with business goals.

About the role

• Strategy & Governance: Develop and execute the enterprise-wide information security strategy, policies, and roadmap.
• Risk Management: Identify, assess, and manage cyber risks and vulnerabilities.
• Compliance: Ensure the organization adheres to all relevant security regulations and industry standards
• Threat Response: Lead the security team in incident response, disaster recovery, and proactive threat intelligence.

Skills and experience required

• Minimum 10 years of experience in information security, and currently holding a CISO role
• Deep knowledge of cybersecurity frameworks, risk management, and security technologies.
• CISSP or CISM certification is highly preferred.

To apply online please use the apply function, alternatively you may contact Chloe Chen at chloe.chen(@)randstad.com.sg. (EA: 94C3609 /R )