370 Cism jobs in Singapore

Get AI-powered advice on this job and more exclusive features.

Direct message the job poster from Ambition

Overview:

Our client is seeking an experienced Information Security Manager to lead and strengthen their security operations. This role will focus on monitoring, detecting, and responding to cyber threats, managing security technologies, driving vulnerability management initiatives, and ensuring compliance with industry regulations. The position will work closely with IT, engineering, and risk management teams to maintain a secure and resilient environment.

Key Responsibilities:

1. Security Operations & Incident Response

• Lead and enhance the operations of the Security Operations Center (SOC), ensuring timely monitoring, detection, and incident response.
• Manage and optimize the use of SIEM, EDR, IDS/IPS, and other security technologies.
• Oversee the full incident response lifecycle, including investigation, containment, eradication, and recovery.
• Conduct post-incident reviews and implement continuous improvements.

2. Vulnerability & Threat Management

• Coordinate vulnerability scanning, penetration testing, and remediation activities.
• Stay informed of emerging threats and ensure proactive security measures are implemented.
• Partner with IT and engineering teams to address vulnerabilities and harden systems.

3. Security Compliance & Risk Management

• Ensure compliance with relevant regulatory frameworks (e.g., PCI DSS, MAS TRM, GDPR).
• Support internal and external audits, risk assessments, and regulatory reviews.
• Maintain and continuously update security policies, standards, and procedures

4. Security Awareness & Collaboration

• Lead security awareness and training initiatives across the organization.
• Collaborate with DevOps and engineering teams to embed security into CI/CD pipelines.
• Engage with external vendors, partners, and law enforcement on security-related matters.

Key Requirements:

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field.
• Minimum 5 years of experience in information security, with at least 2 years in a leadership or management role within security operations.
• Hands-on experience with security technologies such as SIEM (Splunk, Azure Sentinel), EDR, IDS/IPS, firewalls, and cloud security platforms (AWS, Azure, GCP).
• Strong understanding of threat intelligence, malware analysis, and forensic investigation tools.
• Knowledge of regulatory compliance frameworks, particularly within the financial services sector (PCI DSS, MAS TRM, GDPR).

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries Information Services

Referrals increase your chances of interviewing at Ambition by 2x

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Our client is seeking an experienced Information Security Manager to lead and strengthen their cybersecurity operations across the region. This is a critical role where you will be responsible for managing the overall security operations framework — covering threat detection, incident response, vulnerability management, and compliance while working closely with IT, engineering, and risk stakeholders.

Key Responsibilities

1. Security Operations & Incident Management

• Lead the Security Operations Center (SOC) to monitor, detect, and respond to cybersecurity threats and incidents.

• anage security solutions such as SIEM, EDR, and IDS/IPS to enhance visibility and response capabilities.

• O ersee and coordinate incident response activities including investigation, containment, recovery, and post-incident review.

2. Vulnerability & Threat Management

• C nduct and manage regular vulnerability assessments and penetration testing.

• C llaborate with internal teams to ensure timely remediation of security gaps.

• T ack and assess evolving threats and proactively implement preventive measures.

3. Security Compliance & Risk Governance

• E sure compliance with relevant standards and frameworks such as PCI DSS, MAS TRM, and GDPR.

• S pport internal/external audits and regulatory reviews.

• M intain and update cybersecurity policies, standards, and documentation.

4. Training & Cross-Functional Collaboration

• D ive security awareness training across the organization.

• P rtner with DevOps/engineering teams to embed security practices into CI/CD pipelines.

• L aise with vendors, regulators, and external partners on security-related matters.

Key Requirements

• B chelor's degree in Cybersecurity, Computer Science, or a related discipline.

• A least 5 years of experience in cybersecurity, with 2+ years in a leadership or SOC management role.

• H nds-on experience with modern security tools including SIEM (Splunk, Sentinel), EDR, firewalls, and cloud security platforms (AWS, Azure, GCP).

• S lid knowledge of incident handling, threat intelligence, malware analysis, and digital forensics.

• F miliarity with financial sector regulations such as PCI DSS and MAS TRM is highly preferred.

• S rong leadership, stakeholder engagement, and communication skills.

Our client is seeking an experienced Information Security Manager to lead and strengthen their cybersecurity operations across the region. This is a critical role where you will be responsible for managing the overall security operations framework — covering threat detection, incident response, vulnerability management, and compliance while working closely with IT, engineering, and risk stakeholders.

Key Responsibilities

1. Security Operations & Incident Management

• Lead the Security Operations Center (SOC) to monitor, detect, and respond to cybersecurity threats and incidents.

• anage security solutions such as SIEM, EDR, and IDS/IPS to enhance visibility and response capabilities.

• O ersee and coordinate incident response activities including investigation, containment, recovery, and post-incident review.

2. Vulnerability & Threat Management

• C nduct and manage regular vulnerability assessments and penetration testing.

• C llaborate with internal teams to ensure timely remediation of security gaps.

• T ack and assess evolving threats and proactively implement preventive measures.

3. Security Compliance & Risk Governance

• E sure compliance with relevant standards and frameworks such as PCI DSS, MAS TRM, and GDPR.

• S pport internal/external audits and regulatory reviews.

• M intain and update cybersecurity policies, standards, and documentation.

4. Training & Cross-Functional Collaboration

• D ive security awareness training across the organization.

• P rtner with DevOps/engineering teams to embed security practices into CI/CD pipelines.

• L aise with vendors, regulators, and external partners on security-related matters.

Key Requirements

• B chelor's degree in Cybersecurity, Computer Science, or a related discipline.

• A least 5 years of experience in cybersecurity, with 2+ years in a leadership or SOC management role.

• H nds-on experience with modern security tools including SIEM (Splunk, Sentinel), EDR, firewalls, and cloud security platforms (AWS, Azure, GCP).

• S lid knowledge of incident handling, threat intelligence, malware analysis, and digital forensics.

• F miliarity with financial sector regulations such as PCI DSS and MAS TRM is highly preferred.

• S rong leadership, stakeholder engagement, and communication skills.

• Collaborate with various teams to ensure information security tools and monitoring systems comply with internal security policies and external regulatory requirements.
• Review and analyze periodic vulnerability scan reports; coordinate with relevant stakeholders to ensure timely remediation of identified risks. Monitor the deployment status of security patches, updates, document and manage exceptions across systems.
• Assess system hardening configurations and work with stakeholders to address gaps. Track compliance, document and manage exceptions.
• Collaborate with various teams to review user access for IT systems.
• Interpret data from information security tools and follow up with responsible teams to ensure appropriate remediation actions are taken.
• Ensure the accuracy and completeness of security metrics by collaborating with internal teams and stakeholders.
• Support and coordinate with the Group Information Security Team on strategic initiatives and ongoing security projects, new tool implementation, security assessments, and audits.
• Partner with business functions to promote cybersecurity awareness and deliver training programs to enhance employee understanding of security best practices.
• Perform other Information Security-related tasks and responsibilities as assigned.

• Diploma or Degree in IT, Computer Science, Cybersecurity or equivalent
• At least 5 years experience in information security or related fields.
• Relevant certifications (e.g. CISSP, CISM, CEH) or strong desire to obtain those certifications are advantageous.

• Strong analytical skills, attention to detail, and problem-solving abilities.
• Good understanding and hands-on exposure with different information security domains, especially governance, risk and compliance.
• Experience and knowledge of risk management process, identity and access management, gap assessment and audit, security vulnerabilities, system hardening, and cloud security.
• Sound knowledge of Information Security management frameworks and guidelines such as ISO 27001, NIST, PCI-DSS, CIS baselines & best practices.

Founded by Changpeng Zhao (CZ) in 2017, Binance is currently the largest cryptocurrency exchange in terms of daily volume. Binance is the core global exchange. However, Binance operates separate exchanges in some countries such as the US, UK, Singapore, and Turkey due to regulatory reasons.

Since Binance has global operations, the exchange does a lot of hiring on a regular basis. Being a market leader, Binance Jobs also come with significant perks. Most of the jobs are remote, with flexible working hours. Binance also offers health insurance, the option to be paid in crypto, and programs to develop your skills.

Binance is the leading global blockchain ecosystem and cryptocurrency infrastructure provider whose suite of financial products includes the world’s largest digital-asset exchange. Our mission is to accelerate cryptocurrency adoption and increase the freedom of money. If you’re looking for a fast-paced, mission-driven organization where opportunities to learn and excel are endless, then Binance is the place for you. We are seeking an Information Security Governance Manager to be responsible for implementing a comprehensive and consistent security governance and compliance strategy across the organization to protect and manage its technology and data related information security risks. The candidate will be responsible for coordinating, identifying gaps, providing guidance and establishing end to end security governance to ensure effective internal controls are implemented to achieve data privacy, security, reliability and resilience that meets compliance and local regulatory requirements.

• Support the delivery of global security governance and compliance strategies.
• Manage and maintain a security compliance framework across global entities that can align to Binance’s compliance and internal audits requirements.
• Develop, manage and maintain effective information security policies, processes, standards and procedures.
• Lead and support ISO 27001, PCI-DSS, SOC 2 Type 1/2 and other security compliance projects.
• Develop maturity model and track information security controls.
• Internal first point of contact for general security enquiries. Proactively approach and support internal stakeholders across global entities.
• Establish and maintain global security governance and compliance process.
• Respond to security questionnaires from internal/external security audits and organize/document the common answers and approaches for future audits.
• Facilitate security risk management within the business units.
• Establish and maintain information risk metrics to highlight information assets that have the highest risk exposure.
• Conduct regular reviews of remediation actions and report to business and technology senior management.

• Bachelor's degree or higher in information technology, cyber security or related field.
• 5+ years of experience in a security governance role.
• Strong leadership and excellent communication skills.
• Understanding of information risk, security control, data privacy related regulations (e.g. CCPA, SG PDPA, EU GDPR, China Cybersecurity law) within the financial services and banking industry.
• Strong knowledge and practical working experiences in delivering global projects of international data privacy and information security frameworks including NIST Cybersecurity & Privacy Framework, ISO 27001, ISO 27701, CIS, SOC 2 Type 1/2 Report, PCI-DSS and ISAE 3000.
• Demonstrable work experience delivering effective business and technical security solutions, processes, tools, and high performing teams.
• A good working knowledge of the latest information technology security trends and emerging threats is essential.
• Experience of implementing risk management principles and methodologies within a security or technology function.
• Good project management experience and skills.
• Strong analytical and problem-solving skills are a must-have.
• Having one of the below security or privacy qualifications is a plus - CISSP, CISM, CISA, CEH, SANS, CCSP, ISO 27001 Lead Auditor, IAPP CIPP / CIPM.
• An understanding of cloud infrastructure technologies and associated risks would be beneficial.

Working at Binance

• Be a part of the world’s leading blockchain ecosystem that continues to grow and offers excellent career development opportunities.
• Work alongside diverse, world-class talent in an environment where learning and growth opportunities are endless.
• Tackle fast-paced, challenging and unique projects.
• Work in a truly global organization, with international teams and a flat organizational structure.
• Competitive salary and benefits.
• Flexible working hours, remote-first, and casual work attire.

Learn more about how Binancians embody the organization’s core values , creating a unified culture that enables collaboration, excellence, and growth. Apply today to be a part of the Web3 revolution! Binance is committed to being an equal opportunity employer. We believe that having a diverse workforce is fundamental to our success. By submitting a job application, you confirm that you have read and agree to our Candidate Privacy Notice .

Role & Responsibilities:

1. KRI Development: Develop and implement Key Risk Indicators to monitor and report on the organization's cyber risk exposure.
2. Policy Development: Create and maintain cyber risk management policies and procedures to ensure compliance with regulatory requirements and industry standards.
3. Monitoring and Reporting: Continuously monitor cyber risk metrics and KRI performance, providing regular reports to senior management and stakeholders.
4. Training and Awareness: Develop and deliver training programs to raise awareness of cyber risks and promote best practices among employees.
5. Collaboration: Work closely with IT, security, and compliance teams to ensure a cohesive approach to cyber risk management.
6. Regulatory Compliance: Stay updated on relevant laws and regulations related to cyber risk and ensure the organization's practices align with these requirements.
7. Risk Mitigation Strategies: Recommend and implement strategies to mitigate identified cyber risks, including technical controls and process improvements.
8. Continuous Improvement: Foster a culture of continuous improvement in cyber risk management practices, leveraging lessons learned from incidents and assessments.

Requirements:

• Bachelor's degree in computer science related field
• Minimum of 6 years of experience in Information Security
• Certifications: CISM, CRISC, CISSP, CCSP or equivaluent
• Working experience with frameworks such as IM8, NIST, ISO2700K

Job Description / Requirements:

1. Bachelor’s Degree in Computer Science / Information Technology or its equivalent with 7-10 years of experience in banking sector of which at least 3 years of managerial experience in the areas of IT Governance, Risk and Compliance.

2. Possess professional certification in the domain of Information Security preferably Certified Information Systems Security Professional (CISSP).

3. Proficient in information security domains, including policies and standards, risk and control assessments, regulatory compliance, secure systems development lifecycle, access controls, vulnerability management, data protection, technology resiliency and governance metrics.

4. Ideally have fair understanding of retail and corporate banking processes and products desirably with professional certifications in banking domain.

5. Strong understanding and knowledge of industry best practices and frameworks pertaining to IT, IT Risk management methodologies, tools to manage IT risks, end point security, network security, encryption and key management, authentication and access control.

6. Maintain compliance with regulatory requirements including regulatory guidelines issued by MAS and RBI for management of technology risks.

7. Formulate, review and maintain centre specific IT policies, IT risk management framework, baselines, standards and procedures such that they continue to remain relevant, up to date and aligned with Head Office, regulatory and industry standards.

8. Engage with relevant stakeholders for conduct of IT Governance committee meetings and provide pertinent insights on key risks to senior management.

9. Collaborate with stakeholders across geographies for smooth conduct of BIA, BCP, DR exercises

10. Ability to take charge of Information Security events and incidents and work collaboratively with relevant stakeholders in line with the defined policies and processes.

11. Perform focused risk based reviews, log reviews, technology risk assessments of existing or new IT processes and systems, provide recommendations to improve processes by removing deficiencies and to put in place the right tools to reduce risks.

12. Experience across Core Banking operations, SDLC, Project Management and a fair understanding of cloud technologies will be advantageous.

13. Manage IT Risk Register, track remediation actions, deviations and risks.

14. Ensure adequate oversight over outsourced IT activities and manage third party risks.

15. Work with teams across geographies to resolve IT risk issues.

16. Manage audit end to end through collaboration with relevant stakeholders such as Head Office, regulators, internal/external auditors.

17. Foster strong IT risk aware culture across relevant teams.

18. Proactive mind-set, excellent problem solving capabilities, communication, presentation, and advisory skills.

19. Self-driven, ability to work independently or in a team and multitask.

20. The incumbent will not have any direct reports and must be able to work independently with minimal supervision.

We are assisting our reputable client, a healthcare group, in searching for an experienced Information Security professional to augment their existing team.

Responsibilities

1. Assist in Strategy Development and Project Security Consulting

• Provide support to the Head of Department in the development and implementation of robust cybersecurity strategies aligned with organizational objectives and regulatory mandates.
• Offer expertise and guidance in security consulting for various projects across hospitals, clinics, and corporate offices, ensure that cybersecurity checklists are completed, and ensure that considerations are integrated seamlessly into all stages of project planning and execution.
• Gather report, compile statistics, and deliver a presentation on threats detected and risk trends

2. Cybersecurity Project Management

• Lead and oversee security proof of concept (PoC) projects to evaluate and validate the effectiveness of new security technologies and solutions before full-scale implementation.
• Lead and manage cybersecurity projects, including the implementation of new security technologies, tools, and processes.

3. Threat Intelligence, Threat Hunting, and Proactive Monitoring

• Conduct proactive monitoring of internal alerts and emerging threats using existing security tools.
• Perform manual threat hunting to identify and address potential security risks promptly, and collaborate with partners to ensure that true positive is mitigated promptly.
• Continuously analyse and respond to security alerts, antivirus software, network detection and response systems, and external assets surface management (EASM) solutions.
• Keep up-to-date with the latest cybersecurity threats, trends, and technologies, with extra attention on Asia region and the healthcare sector.

4. Security Operations Management

• Oversee daily security operations, including monitoring, detection, incident response, and threat management. Ensure alerts raised from the Group Centre of Excellence (COE) are addressed and closed, especially alerts on endpoint detection and response (EDR).
• Perform annual evaluations of USB access controls to ensure that access controls are regularly reviewed and adjusted as needed to maintain endpoint security resilience.
• Ensure that all IT cybersecurity contracts are reviewed and renewed promptly to prevent service disruptions and maintain continuous protection of the company’s assets.
• Participate in and perform role-play scenarios during ad-hoc cyber drills exercise
• Work closely with the Group COE on cybersecurity-related tasks.

5. Incident Response Management

• Coordinate all aspects of incident response, from initial detection to resolution, encompassing investigation, containment, remediation, and reporting of security incidents.
• Conduct thorough pre- and post-incident analysis to identify root causes and contributing factors, and implement necessary improvements to prevent future occurrences.
• Collaborate closely with the Group SOC Team Lead to address any true positive cases, ensuring a timely and effective response to security incidents across the organization.

6. Vulnerability, Risk, and Penetration Test Management

• Review the execution of periodic/ad-hoc vulnerability and penetration tests within agreed scopes with the application owner. Ensure that test findings are promptly remediated before the project goes live with relevant stakeholders.
• Conduct quarterly VA security assessments with the Group COE VA Team to ensure applications are compliant with industry best practices. (i.e: NIST, ISO27001). Manage the identification, assessment, and mitigation of security vulnerabilities and risks. Ensure critical and high findings are addressed within the specified timeline.
• Assist Group COE during the annual exercise on Dynamic Assessment Security Testing (DAST) and security configuration reviews. Work closely with respective stakeholders for information gathering and remediation fixes within the specified timeline.
• Prepare quarterly risk statistics and trends both for in-country and group levels.

7. Regulatory Compliance and Audits

• Ensure the company’s compliance with relevant cybersecurity regulations and standards (e.g., PII, PCIDSS).
• Prepare and participate in security audits and assessments, both internally and externally.
• Engage stakeholders to address the audit findings promptly, facilitating discussions and providing necessary guidance and support.
• Follow up with stakeholders to ensure the timely resolution of identified issues and alignment with established policies and standards.
• Work with the Group COE governance and compliance team to refine policies and standards based on Singapore regulations and hardening baselines based on industry best practices.

Requirements:

• Cybersecurity and IT Risk management professional certificates from ISC2 or ISACA are preferred
• Minimum 5 years, in a combination of multi-disciplinary IT/Security Operations with minimum of 3 years in cybersecurity.
• Experience and knowledge of cybersecurity threats, tools, and best practices (e.g. ISO270001, NIST).
• Experience and knowledge of cloud security are preferred.
• Experience and understanding of IT operations and processes.
• Understanding of Hospital Information systems will be advantageous, especially in Singapore healthcare.
• Knowledge and experience in applying software patches based on product company advisories, e.g. Microsoft security patches.
• Experience in working for a demanding security operations Centre with multiple tracks
• Knowledge of Security Standards and Frameworks, including MITRE & ATT&CK, ISO 27001:2013, Data Protection etc
• Proficient in Information Security Management Systems (ISMS), cybersecurity, and technology risk management
• Experience in working with third-party vendors and vendor management
• Proficient in working with vendors for the successful implementation of large turnkey projects with due diligence, risk management, and quality ensured