377 Cism jobs in Singapore

Posted 29 July 2025 Salary S$ - S$ per annum + Variable Bonus Location Singapore Job type Permanent Discipline Technology Reference _

Our client is seeking an experienced Information Security Manager to lead and strengthen their security operations. This role will focus on monitoring, detecting, and responding to cyber threats, managing security technologies, driving vulnerability management initiatives, and ensuring compliance with industry regulations. The position will work closely with IT, engineering, and risk management teams to maintain a secure and resilient environment.

Key Responsibilities:

1. Security Operations & Incident Response

• Lead and enhance the operations of the Security Operations Center (SOC), ensuring timely monitoring, detection, and incident response.
• Manage and optimize the use of SIEM, EDR, IDS/IPS, and other security technologies.
• Oversee the full incident response lifecycle, including investigation, containment, eradication, and recovery.
• Conduct post-incident reviews and implement continuous improvements.

2. Vulnerability & Threat Management

• Coordinate vulnerability scanning, penetration testing, and remediation activities.
• Stay informed of emerging threats and ensure proactive security measures are implemented.
• Partner with IT and engineering teams to address vulnerabilities and harden systems.

3. Security Compliance & Risk Management

• Ensure compliance with relevant regulatory frameworks (e.g., PCI DSS, MAS TRM, GDPR).
• Support internal and external audits, risk assessments, and regulatory reviews.
• Maintain and continuously update security policies, standards, and procedures

4. Security Awareness & Collaboration

• Lead security awareness and training initiatives across the organization.
• Collaborate with DevOps and engineering teams to embed security into CI/CD pipelines.
• Engage with external vendors, partners, and law enforcement on security-related matters.

Key Requirements:

• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field.
• Minimum 5 years of experience in information security, with at least 2 years in a leadership or management role within security operations.
• Hands-on experience with security technologies such as SIEM (Splunk, Azure Sentinel), EDR, IDS/IPS, firewalls, and cloud security platforms (AWS, Azure, GCP).
• Strong understanding of threat intelligence, malware analysis, and forensic investigation tools.
• Knowledge of regulatory compliance frameworks, particularly within the financial services sector (PCI DSS, MAS TRM, GDPR).

If this job isn't quite right for you, but you know someone who would be great at this role, why not take advantage of our referral scheme? We offer SGD1,000 or SGD350 in shopping vouchers for every referred candidate who we place in a role. Terms & Conditions Apply.

Founded by Changpeng Zhao (CZ) in 2017, Binance is currently the largest cryptocurrency exchange in terms of daily volume. Binance is the core global exchange. However, Binance operates separate exchanges in some countries such as the US, UK, Singapore, and Turkey due to regulatory reasons.

Since Binance has global operations, the exchange does a lot of hiring on a regular basis. Being a market leader, Binance Jobs also come with significant perks. Most of the jobs are remote, with flexible working hours. Binance also offers health insurance, the option to be paid in crypto, and programs to develop your skills.

Binance is the leading global blockchain ecosystem and cryptocurrency infrastructure provider whose suite of financial products includes the world’s largest digital-asset exchange. Our mission is to accelerate cryptocurrency adoption and increase the freedom of money. If you’re looking for a fast-paced, mission-driven organization where opportunities to learn and excel are endless, then Binance is the place for you. We are seeking an Information Security Governance Manager to be responsible for implementing a comprehensive and consistent security governance and compliance strategy across the organization to protect and manage its technology and data related information security risks. The candidate will be responsible for coordinating, identifying gaps, providing guidance and establishing end to end security governance to ensure effective internal controls are implemented to achieve data privacy, security, reliability and resilience that meets compliance and local regulatory requirements.

• Support the delivery of global security governance and compliance strategies.
• Manage and maintain a security compliance framework across global entities that can align to Binance’s compliance and internal audits requirements.
• Develop, manage and maintain effective information security policies, processes, standards and procedures.
• Lead and support ISO 27001, PCI-DSS, SOC 2 Type 1/2 and other security compliance projects.
• Develop maturity model and track information security controls.
• Internal first point of contact for general security enquiries. Proactively approach and support internal stakeholders across global entities.
• Establish and maintain global security governance and compliance process.
• Respond to security questionnaires from internal/external security audits and organize/document the common answers and approaches for future audits.
• Facilitate security risk management within the business units.
• Establish and maintain information risk metrics to highlight information assets that have the highest risk exposure.
• Conduct regular reviews of remediation actions and report to business and technology senior management.

• Bachelor's degree or higher in information technology, cyber security or related field.
• 5+ years of experience in a security governance role.
• Strong leadership and excellent communication skills.
• Understanding of information risk, security control, data privacy related regulations (e.g. CCPA, SG PDPA, EU GDPR, China Cybersecurity law) within the financial services and banking industry.
• Strong knowledge and practical working experiences in delivering global projects of international data privacy and information security frameworks including NIST Cybersecurity & Privacy Framework, ISO 27001, ISO 27701, CIS, SOC 2 Type 1/2 Report, PCI-DSS and ISAE 3000.
• Demonstrable work experience delivering effective business and technical security solutions, processes, tools, and high performing teams.
• A good working knowledge of the latest information technology security trends and emerging threats is essential.
• Experience of implementing risk management principles and methodologies within a security or technology function.
• Good project management experience and skills.
• Strong analytical and problem-solving skills are a must-have.
• Having one of the below security or privacy qualifications is a plus - CISSP, CISM, CISA, CEH, SANS, CCSP, ISO 27001 Lead Auditor, IAPP CIPP / CIPM.
• An understanding of cloud infrastructure technologies and associated risks would be beneficial.

Working at Binance

• Be a part of the world’s leading blockchain ecosystem that continues to grow and offers excellent career development opportunities.
• Work alongside diverse, world-class talent in an environment where learning and growth opportunities are endless.
• Tackle fast-paced, challenging and unique projects.
• Work in a truly global organization, with international teams and a flat organizational structure.
• Competitive salary and benefits.
• Flexible working hours, remote-first, and casual work attire.

Learn more about how Binancians embody the organization’s core values , creating a unified culture that enables collaboration, excellence, and growth. Apply today to be a part of the Web3 revolution! Binance is committed to being an equal opportunity employer. We believe that having a diverse workforce is fundamental to our success. By submitting a job application, you confirm that you have read and agree to our Candidate Privacy Notice .

We are seeking highly-motivated individuals with professional experience to join our team as Risk Manager / Information Security Risk Manager, Risk Management .

ERGO Insurance Pte. Ltd. is a registered general insurer regulated by the Monetary Authority of Singapore. We are a wholly owned Singapore subsidiary of ERGO Group AG, one of the major insurance groups in Germany and Europe, and we are the primary insurance arm of Munich Re, one of the leading reinsurers and risk carriers worldwide.

There are countless good reasons to pick ERGO as an Employer.

No matter where you are in your career, we offer various development opportunities in all departments at all levels.

You’ll experience a fair and open-minded culture where every employee is trusted and valued.

We support you on your career path. Professional development is a central part of our philosophy: we give all our staff the opportunity to develop, both personally and professionally.

If you have a strong passion to succeed and aspire to join a company that can offer you an interesting and diverse career, we look forward to meeting you!

Requirements :

To be successful in this role, you will possess the following experience, knowledge and skills:

• Degree in Information Security, Computer Science or IT preferred
• 5+ years of relevant work experience (Information Security Officer, IT Auditor etc.)
• Industry qualifications such as CRISC, CISSP, CISA, COBIT, ITIL would be an advantage
• Familiarity with the applicable information security regulations in Singapore, e.g., MAS TRM Guidelines, would be an advantage
• Experience in working with multitude of stakeholders and teams

Job description

Information Security Risk Management (50%)

• Work with stakeholders to implement the ERGO Group Information Security frameworks for the Company, including all related policies and guidelines. There will be guidance from ERGO Group’s Information Security team.
• Conduct gap analysis with Group framework or Singapore regulatory requirements and work with the first line to close the gaps.
• Support the identification, assessment, and prioritization of information security threats and work with relevant stakeholders to improve controls.
• Conduct/review security risk assessments and provide guidance to asset owners in terms of protection needs analysis and liaison with IT to ensure that these protections are implemented.
• Prepare regular updates to management and the Segment / Group’s CISO on information security risks, mitigation actions, progress of security measures implementation, key information security incidents, and risk assessments.
• Assess and challenge the first line-of-defense’s measures and activities and participate in first-line projects as necessary to provide second-line-of-defence oversight.
• Work with the first line of defence to co-ordinate and support internal and external information security-related audits.
• Be the designated Information Security Risk Manager of the company.

Management of Other Risks (50%)

Assist Chief Risk Officer (CRO) to implement an effective Business Continuity Management (BCM) framework for the Company, including (but not limited to) the following:

• BCM – Establish and co-ordinate with stakeholders to update the Company’s key BCM documents, e.g. the Business Impact Analysis, Business Continuity Plan (BCP) and Emergency Management Plan
• BCM - Assist in the development and execution of BCP tests, exercises, remediation of gaps, and attestations
• BCM - Carry out / organize BCM training for relevant stakeholders
• Be part of the Risk Management function and work with the Chief Risk Officer on other risk topics as required such as Third Party Risk Management and Operational Risk Control System.

Contact : career at ergo.com.sg

The Engineering and Technology team is at the core of the Shopee platform development. The team is made up of a group of passionate engineers from all over the world, striving to build the best systems with the most suitable technologies. Our engineers do not merely solve problems at hand; We build foundations for a long-lasting future. We don't limit ourselves on what we can or can't do; we take matters into our own hands even if it means drilling down to the bottom layer of the computing platform. Shopee's hyper-growing business scale has transformed most "innocent" problems into huge technical challenges, and there is no better place to experience it first-hand if you love technologies as much as we do.

• Drive the planning, execution, and monitoring of information security projects.
• Track project progress, identify risks, and develop mitigation strategies.
• Coordinate with project stakeholders, including security engineers, developers and SREs.
• Collaborate with IT compliance to address compliance-related issues and ensure that projects are aligned with regulatory requirements.
• Analyse existing processes, identify areas for improvement, optimise workflows, and implement changes.

• Bachelor's degree or higher in Computer Science, Information Security, or a related field.
• Strong project management skills, including planning, organising, and time management.
• Excellent communication and interpersonal skills.
• Demonstrates a keen interest in, and understanding of information security or cybersecurity.
• Self-driven with the ability to work independently and as part of a team.

Primary Objectives of Position

Manage security operation to ensure the safe use of IT systems and assets as well as protect against cybersecurity threats.

Manage various stages of projects in conception and initiation, planning, execution, performance/ monitoring, and project closure.

Job Responsibilities

• Establish, implement and maintain a sustainable information security framework that effectively addresses evolving and diverse cybersecurity threats.
• Perform risk assessments on Information, Operational and Assistive Technologies for vulnerabilities and implement security controls to reduce identified risks to an acceptable level.
• Monitor security alerts/ logs from IT systems, network and applications against baselines and gather publicly available information to identify precursors or indicators of cybersecurity attacks.
• Contain and eradicate cybersecurity incident effectively to prevent recurrence and restore systems and recover normal operations as quickly as possible.
• Hold lessons learned meetings to help improve security measures and incident handling process.
• Publish security advisories, conduct security workshops and share lessons learned to improve users’ awareness regarding cybersecurity matters.
• Perform information security audits to determine security violations and inefficiencies and recommend effective security controls.
• Oversee information security investigations with internal team, funders and local authorities and/ or 3rd party providers.
• Participate in various meetings and share compliance/ performance reports and audit findings to Management teams.
• Undertake information security related projects.

The above activities are no means exhaustive and are subjected to amendment whenever is needed .

Job Specifications

Minimum Education / Qualifications

• Degree in Information systems or equivalent

Minimum Years of Relevant Experience

• 2 or more years’ experiences in setting up and managing information security operations.

Knowledge/Skills

• Familiar with ISO27001 ISMS, NIST and/ or CIS frameworks.
• Experiences in incident handling and understanding in digital forensic investigation, tools and processes.
• Experiences in security protections, practices or solutions like Firewall, IDS/ IPS, DLP, WAF, NAC, WiFi security, encryption, patch management, etc.
• CISA, CISM, CISSP and/ or PMP certifications will be an advantage.
• Knowledgeable in Microsoft Office and other Windows and web applications.

Attributes (functional or leadership competencies)

• Meticulous and hands on.
• Excellent communication and written skills.
• Strong analytical and problem-solving skills.
• Team player with excellent interpersonal skills and multi-tasker.
• Customer-centric and proactive

• Establish, implement and maintain a sustainable information security framework that effectively addresses evolving and diverse cybersecurity threats.
• Perform risk assessments on Information, Operational and Assistive Technologies for vulnerabilities and implement security controls to reduce identified risks to an acceptable level.
• Monitor security alerts/ logs from IT systems, network and applications against baselines and gather publicly available information to identify precursors or indicators of cybersecurity attacks.
• Contain and eradicate cybersecurity incident effectively to prevent recurrence and restore systems and recover normal operations as quickly as possible.
• Hold lessons learned meetings to help improve security measures and incident handling process.
• Publish security advisories, conduct security workshops and share lessons learned to improve users' awareness regarding cybersecurity matters.
• Perform information security audits to determine security violations and inefficiencies and recommend effective security controls.
• Oversee information security investigations with internal team, funders and local authorities and/ or 3rd party providers.
• Participate in various meetings and share compliance/ performance reports and audit findings to Management teams.
• Undertake information security related projects.

• Degree in Information systems or equivalent

• 2 or more years' experiences in setting up and managing information security operations.

• Familiar with ISO27001 ISMS, NIST and/ or CIS frameworks.
• Experiences in incident handling and understanding in digital forensic investigation, tools and processes.
• Experiences in security protections, practices or solutions like Firewall, IDS/ IPS, DLP, WAF, NAC, WiFi security, encryption, patch management, etc.
• CISA, CISM, CISSP and/ or PMP certifications will be an advantage.
• Knowledgeable in Microsoft Office and other Windows and web applications.

• Meticulous and hands on.
• Excellent communication and written skills.
• Strong analytical and problem-solving skills.
• Team player with excellent interpersonal skills and multi-tasker.
• Customer-centric and proactive

Primary Objectives of Position

Manage security operation to ensure the safe use of IT systems and assets as well as protect against cybersecurity threats.

Manage various stages of projects in conception and initiation, planning, execution, performance/ monitoring, and project closure.

Job Responsibilities

• Establish, implement and maintain a sustainable information security framework that effectively addresses evolving and diverse cybersecurity threats.
• Perform risk assessments on Information, Operational and Assistive Technologies for vulnerabilities and implement security controls to reduce identified risks to an acceptable level.
• Monitor security alerts/ logs from IT systems, network and applications against baselines and gather publicly available information to identify precursors or indicators of cybersecurity attacks.
• Contain and eradicate cybersecurity incident effectively to prevent recurrence and restore systems and recover normal operations as quickly as possible.
• Hold lessons learned meetings to help improve security measures and incident handling process.
• Publish security advisories, conduct security workshops and share lessons learned to improve users’ awareness regarding cybersecurity matters.
• Perform information security audits to determine security violations and inefficiencies and recommend effective security controls.
• Oversee information security investigations with internal team, funders and local authorities and/ or 3rd party providers.
• Participate in various meetings and share compliance/ performance reports and audit findings to Management teams.
• Undertake information security related projects.

The above activities are no means exhaustive and are subjected to amendment whenever is needed .

Job Specifications

Minimum Education / Qualifications

• Degree in Information systems or equivalent

Minimum Years of Relevant Experience

• 2 or more years’ experiences in setting up and managing information security operations.

Knowledge/Skills

• Familiar with ISO27001 ISMS, NIST and/ or CIS frameworks.
• Experiences in incident handling and understanding in digital forensic investigation, tools and processes.
• Experiences in security protections, practices or solutions like Firewall, IDS/ IPS, DLP, WAF, NAC, WiFi security, encryption, patch management, etc.
• CISA, CISM, CISSP and/ or PMP certifications will be an advantage.
• Knowledgeable in Microsoft Office and other Windows and web applications.

Attributes (functional or leadership competencies)

• Meticulous and hands on.
• Excellent communication and written skills.
• Strong analytical and problem-solving skills.
• Team player with excellent interpersonal skills and multi-tasker.
• Customer-centric and proactive

At