812 Information Security Manager jobs in Singapore

Overview
BIPO: Shaping the Future of HR with Innovation and Global Reach
At BIPO, we are a global leader in HR services, offering innovative solutions that empower businesses to streamline and scale their operations effortlessly. Our award-winning cloud-based Human Resource Management System (HRMS) revolutionizes HR processes, making them simpler, more efficient, and cost-effective. By staying at the forefront of digital transformation, we help companies remain agile in a rapidly changing world.
Our comprehensive suite of services—including Payroll Outsourcing, Attendance Automation, HR Consulting, Recruitment & Business Process Outsourcing, and Flexible Employee Management—are designed to modernize HR functions, allowing businesses to focus on growth while we manage their HR complexities.
Why Join BIPO?
What sets BIPO apart is our dynamic, fast-paced culture where innovation thrives. We foster a work environment that values collaboration, creativity, and adaptability. Joining BIPO means being part of a global team thats passionate about pushing boundaries and shaping the future of HR. Our diverse workforce spans over 40 countries, and our APAC headquarters in Singapore, along with R&D centers in Singapore, Shanghai, Indonesia, and Malaysia, serve as the driving force behind our growth and innovation.
Since our founding in 2004, BIPO has cultivated a vast global network, delivering cutting-edge HR solutions across more than 40 countries. As we continue to grow and innovate, we’re seeking talented, ambitious individuals to join us on this exciting journey. At BIPO, you’ll have the opportunity to make a real impact, work with forward-thinking professionals, and help shape the future of HR. The possibilities are limitless—discover how you can grow with BIPO and be part of our global success story!
Responsibilities
Lead compliance audit activities (SOC, ISO 27001) for BIPO Singapore, Hong Kong, and China
Lead internal audit activities, IT security compliance projects/activities
Lead staff information security awareness training, phishing campaigns
Lead incident response to security and data breach incidents and cyber security incident response exercises
Formulation, review, and update of information security-related company policies
Support the business team in responding to customer's questionnaires and RFP, for IT security area.
Manage security of IT systems, review of security logs, reporting IT systems security posture
Lead IT security/compliance projects and operations, work with IT Infra Manager and IT infra team (e.g. annual penetration testing by external vendor)
Formulating security checklists/guidelines for BIPO products and servers.
Performs other duties as assigned related to information security/compliance.
Skills And Experience We Value
Bachelor's degree in Information Technology or equivalent field of study
Experienced in all or most of these: ISO 27001 implementation and/or maintenance, information security audit, security incident response, leading cyber security tabletop exercise, IT security policies, endpoint security, vulnerability scans/management, attack surface management, third-party risk management, SIEM, data loss prevention, managing security baselines for servers and endpoints, user security awareness training, penetration testing coordination with external vendor. Experience in cloud computing and Microsoft Azure AD/Office 365 security advantageous.
Background in IT operations advantageous (e.g., server administration, network/system security, disaster recovery, system high availability, backup operations, system monitoring, storage administration, change management, patch management).
Strong English writing skills, effective communication skills in business environment in Chinese and English.
Good project management skills, problem-solving skills, and documentation skills.
Responsible, resourceful, result oriented.
Able to respond to critical security alerts and be contactable for urgent issues outside office hours.
Professional certifications in information security/IT internal audit advantageous.
Strong command of the Chinese language is required to effectively communicate with Mandarin-speaking stakeholders.
Seniority level
Executive
Employment type
Full-time
Job function
Information Technology, Consulting, and Accounting/Auditing
Industries
Human Resources Services
#J-18808-Ljbffr

We are seeking highly-motivated individuals with professional experience to join our team as Risk Manager / Information Security Risk Manager, Risk Management .

ERGO Insurance Pte. Ltd. is a registered general insurer regulated by the Monetary Authority of Singapore. We are a wholly owned Singapore subsidiary of ERGO Group AG, one of the major insurance groups in Germany and Europe, and we are the primary insurance arm of Munich Re, one of the leading reinsurers and risk carriers worldwide.

There are countless good reasons to pick ERGO as an Employer.

No matter where you are in your career, we offer various development opportunities in all departments at all levels.

You’ll experience a fair and open-minded culture where every employee is trusted and valued.

We support you on your career path. Professional development is a central part of our philosophy: we give all our staff the opportunity to develop, both personally and professionally.

If you have a strong passion to succeed and aspire to join a company that can offer you an interesting and diverse career, we look forward to meeting you!

Requirements :

To be successful in this role, you will possess the following experience, knowledge and skills:

• Degree in Information Security, Computer Science or IT preferred
• 5+ years of relevant work experience (Information Security Officer, IT Auditor etc.)
• Industry qualifications such as CRISC, CISSP, CISA, COBIT, ITIL would be an advantage
• Familiarity with the applicable information security regulations in Singapore, e.g., MAS TRM Guidelines, would be an advantage
• Experience in working with multitude of stakeholders and teams

Job description

Information Security Risk Management (50%)

• Work with stakeholders to implement the ERGO Group Information Security frameworks for the Company, including all related policies and guidelines. There will be guidance from ERGO Group’s Information Security team.
• Conduct gap analysis with Group framework or Singapore regulatory requirements and work with the first line to close the gaps.
• Support the identification, assessment, and prioritization of information security threats and work with relevant stakeholders to improve controls.
• Conduct/review security risk assessments and provide guidance to asset owners in terms of protection needs analysis and liaison with IT to ensure that these protections are implemented.
• Prepare regular updates to management and the Segment / Group’s CISO on information security risks, mitigation actions, progress of security measures implementation, key information security incidents, and risk assessments.
• Assess and challenge the first line-of-defense’s measures and activities and participate in first-line projects as necessary to provide second-line-of-defence oversight.
• Work with the first line of defence to co-ordinate and support internal and external information security-related audits.
• Be the designated Information Security Risk Manager of the company.

Management of Other Risks (50%)

Assist Chief Risk Officer (CRO) to implement an effective Business Continuity Management (BCM) framework for the Company, including (but not limited to) the following:

• BCM – Establish and co-ordinate with stakeholders to update the Company’s key BCM documents, e.g. the Business Impact Analysis, Business Continuity Plan (BCP) and Emergency Management Plan
• BCM - Assist in the development and execution of BCP tests, exercises, remediation of gaps, and attestations
• BCM - Carry out / organize BCM training for relevant stakeholders
• Be part of the Risk Management function and work with the Chief Risk Officer on other risk topics as required such as Third Party Risk Management and Operational Risk Control System.

Contact : career at ergo.com.sg

Founded by Changpeng Zhao (CZ) in 2017, Binance is currently the largest cryptocurrency exchange in terms of daily volume. Binance is the core global exchange. However, Binance operates separate exchanges in some countries such as the US, UK, Singapore, and Turkey due to regulatory reasons.

Since Binance has global operations, the exchange does a lot of hiring on a regular basis. Being a market leader, Binance Jobs also come with significant perks. Most of the jobs are remote, with flexible working hours. Binance also offers health insurance, the option to be paid in crypto, and programs to develop your skills.

Binance is the leading global blockchain ecosystem and cryptocurrency infrastructure provider whose suite of financial products includes the world’s largest digital-asset exchange. Our mission is to accelerate cryptocurrency adoption and increase the freedom of money. If you’re looking for a fast-paced, mission-driven organization where opportunities to learn and excel are endless, then Binance is the place for you. We are seeking an Information Security Governance Manager to be responsible for implementing a comprehensive and consistent security governance and compliance strategy across the organization to protect and manage its technology and data related information security risks. The candidate will be responsible for coordinating, identifying gaps, providing guidance and establishing end to end security governance to ensure effective internal controls are implemented to achieve data privacy, security, reliability and resilience that meets compliance and local regulatory requirements.

• Support the delivery of global security governance and compliance strategies.
• Manage and maintain a security compliance framework across global entities that can align to Binance’s compliance and internal audits requirements.
• Develop, manage and maintain effective information security policies, processes, standards and procedures.
• Lead and support ISO 27001, PCI-DSS, SOC 2 Type 1/2 and other security compliance projects.
• Develop maturity model and track information security controls.
• Internal first point of contact for general security enquiries. Proactively approach and support internal stakeholders across global entities.
• Establish and maintain global security governance and compliance process.
• Respond to security questionnaires from internal/external security audits and organize/document the common answers and approaches for future audits.
• Facilitate security risk management within the business units.
• Establish and maintain information risk metrics to highlight information assets that have the highest risk exposure.
• Conduct regular reviews of remediation actions and report to business and technology senior management.

• Bachelor's degree or higher in information technology, cyber security or related field.
• 5+ years of experience in a security governance role.
• Strong leadership and excellent communication skills.
• Understanding of information risk, security control, data privacy related regulations (e.g. CCPA, SG PDPA, EU GDPR, China Cybersecurity law) within the financial services and banking industry.
• Strong knowledge and practical working experiences in delivering global projects of international data privacy and information security frameworks including NIST Cybersecurity & Privacy Framework, ISO 27001, ISO 27701, CIS, SOC 2 Type 1/2 Report, PCI-DSS and ISAE 3000.
• Demonstrable work experience delivering effective business and technical security solutions, processes, tools, and high performing teams.
• A good working knowledge of the latest information technology security trends and emerging threats is essential.
• Experience of implementing risk management principles and methodologies within a security or technology function.
• Good project management experience and skills.
• Strong analytical and problem-solving skills are a must-have.
• Having one of the below security or privacy qualifications is a plus - CISSP, CISM, CISA, CEH, SANS, CCSP, ISO 27001 Lead Auditor, IAPP CIPP / CIPM.
• An understanding of cloud infrastructure technologies and associated risks would be beneficial.

Working at Binance

• Be a part of the world’s leading blockchain ecosystem that continues to grow and offers excellent career development opportunities.
• Work alongside diverse, world-class talent in an environment where learning and growth opportunities are endless.
• Tackle fast-paced, challenging and unique projects.
• Work in a truly global organization, with international teams and a flat organizational structure.
• Competitive salary and benefits.
• Flexible working hours, remote-first, and casual work attire.

Learn more about how Binancians embody the organization’s core values , creating a unified culture that enables collaboration, excellence, and growth. Apply today to be a part of the Web3 revolution! Binance is committed to being an equal opportunity employer. We believe that having a diverse workforce is fundamental to our success. By submitting a job application, you confirm that you have read and agree to our Candidate Privacy Notice .

Founded by Changpeng Zhao (CZ) in 2017, Binance is currently the largest cryptocurrency exchange in terms of daily volume. Binance is the core global exchange. However, Binance operates separate exchanges in some countries such as the US, UK, Singapore, and Turkey due to regulatory reasons.
Since Binance has global operations, the exchange does a lot of hiring on a regular basis. Being a market leader,
Binance Jobs
also come with significant perks. Most of the jobs are remote, with flexible working hours. Binance also offers health insurance, the option to be paid in crypto, and programs to develop your skills.
Binance is the leading global blockchain ecosystem and cryptocurrency infrastructure provider whose suite of financial products includes the world’s largest digital-asset exchange. Our mission is to accelerate cryptocurrency adoption and increase the freedom of money. If you’re looking for a fast-paced, mission-driven organization where opportunities to learn and excel are endless, then Binance is the place for you. We are seeking an Information Security Governance Manager to be responsible for implementing a comprehensive and consistent security governance and compliance strategy across the organization to protect and manage its technology and data related information security risks. The candidate will be responsible for coordinating, identifying gaps, providing guidance and establishing end to end security governance to ensure effective internal controls are implemented to achieve data privacy, security, reliability and resilience that meets compliance and local regulatory requirements.
Responsibilities
Support the delivery of global security governance and compliance strategies.
Manage and maintain a security compliance framework across global entities that can align to Binance’s compliance and internal audits requirements.
Develop, manage and maintain effective information security policies, processes, standards and procedures.
Lead and support ISO 27001, PCI-DSS, SOC 2 Type 1/2 and other security compliance projects.
Develop maturity model and track information security controls.
Internal first point of contact for general security enquiries. Proactively approach and support internal stakeholders across global entities.
Establish and maintain global security governance and compliance process.
Respond to security questionnaires from internal/external security audits and organize/document the common answers and approaches for future audits.
Facilitate security risk management within the business units.
Establish and maintain information risk metrics to highlight information assets that have the highest risk exposure.
Conduct regular reviews of remediation actions and report to business and technology senior management.
Requirements
Bachelor's degree or higher in information technology, cyber security or related field.
5+ years of experience in a security governance role.
Strong leadership and excellent communication skills.
Understanding of information risk, security control, data privacy related regulations (e.g. CCPA, SG PDPA, EU GDPR, China Cybersecurity law) within the financial services and banking industry.
Strong knowledge and practical working experiences in delivering global projects of international data privacy and information security frameworks including NIST Cybersecurity & Privacy Framework, ISO 27001, ISO 27701, CIS, SOC 2 Type 1/2 Report, PCI-DSS and ISAE 3000.
Demonstrable work experience delivering effective business and technical security solutions, processes, tools, and high performing teams.
A good working knowledge of the latest information technology security trends and emerging threats is essential.
Experience of implementing risk management principles and methodologies within a security or technology function.
Good project management experience and skills.
Strong analytical and problem-solving skills are a must-have.
Having one of the below security or privacy qualifications is a plus - CISSP, CISM, CISA, CEH, SANS, CCSP, ISO 27001 Lead Auditor, IAPP CIPP / CIPM.
An understanding of cloud infrastructure technologies and associated risks would be beneficial.
Working at Binance
Be a part of the world’s leading blockchain ecosystem that continues to grow and offers excellent career development opportunities.
Work alongside diverse, world-class talent in an environment where learning and growth opportunities are endless.
Tackle fast-paced, challenging and unique projects.
Work in a truly global organization, with international teams and a flat organizational structure.
Competitive salary and benefits.
Flexible working hours, remote-first, and casual work attire.
Learn more about how Binancians embody the organization’s
core values , creating a unified culture that enables collaboration, excellence, and growth. Apply today to be a part of the Web3 revolution! Binance is committed to being an equal opportunity employer. We believe that having a diverse workforce is fundamental to our success. By submitting a job application, you confirm that you have read and agree to our
Candidate Privacy Notice .
#J-18808-Ljbffr

Head of HR | Banking | Manufacturing | Automotive |1996 Olympian

• Ensuring the timely implementation of the information security roadmap for SG branch and carrying out the remediation activities identified from various risk and technology programs to ensure that HLB stays in compliance with local regulatory guidelines and expectations, as well as with the HO policies.
• Actively engaging in end-to-end IT security and cybersecurity risk remediation planning, resolution, and monitoring activities.
• Undertaking security reviews on the IT estate within Singapore branch and aligning to the group IT security policies and IT Controls Framework
• Evaluating alternative means of reducing the firm’s exposure to cybersecurity loss and coordinating security roadmap initiatives and activities
• Assisting in finding practical and cost-effective solutions to identified or revealed information security gaps and risk issues
• Providing direction and guidance in the development, implementation, and communication of risk related information security policies and standards to employees, colleagues, and/or customers.
• Keeping abreast of the development and advancements in the regulatory guidelines, such as the MAS TRM guideline and CSA Cybersecurity Act, as well as the BNM guidelines.
• Working in relation and conformity with internal and external auditors
• Providing aggregated IT Security and Cybersecurity risk supervision for various high impact areas of IT services for core components of IT risk measurement and reporting activities
• Building and maintaining strong and positive working relationships and effective means of communication with CISO function under Enterprise Risk Management, Operational Risk Management
• Supporting the HO IT risk teams in terms of liaison and reporting to the appropriate HQ IT risk committees
• Build and maintain an external network with other InfoSec and IT Risk professionals, as well as applicable cybersecurity and technology risk forums/bodies

• Bachelor’s degree in Information Technology or Computer Science or CyberSecurity, or in any related field
• Having certification in CISSP, CRISC, CISM, CISA, CIPM or related disciplines would be an advantage
• Minimum 10 years of IT Security experience in banking or financial institutions
• Staying aware of Information Security current affairs, business continuity, data management, security and encryption, and vulnerability analysis and audit
• Excellent communication skills, both written and verbal to be able to articulate complex IT security and cybersecurity risk in simple business terms
• Excellent problem solving and self-management skills in order to tactically and analytically solve technical problems and successfully handling management information and metrics design, collection, analysis, reports, etc.
• Hands-on experience with IT security tools and platforms would be required.
• Only Singaporean or SPR need to apply

Primary Objectives of Position

Manage security operation to ensure the safe use of IT systems and assets as well as protect against cybersecurity threats.

Manage various stages of projects in conception and initiation, planning, execution, performance/ monitoring, and project closure.

Job Responsibilities

• Establish, implement and maintain a sustainable information security framework that effectively addresses evolving and diverse cybersecurity threats.
• Perform risk assessments on Information, Operational and Assistive Technologies for vulnerabilities and implement security controls to reduce identified risks to an acceptable level.
• Monitor security alerts/ logs from IT systems, network and applications against baselines and gather publicly available information to identify precursors or indicators of cybersecurity attacks.
• Contain and eradicate cybersecurity incident effectively to prevent recurrence and restore systems and recover normal operations as quickly as possible.
• Hold lessons learned meetings to help improve security measures and incident handling process.
• Publish security advisories, conduct security workshops and share lessons learned to improve users’ awareness regarding cybersecurity matters.
• Perform information security audits to determine security violations and inefficiencies and recommend effective security controls.
• Oversee information security investigations with internal team, funders and local authorities and/ or 3rd party providers.
• Participate in various meetings and share compliance/ performance reports and audit findings to Management teams.
• Undertake information security related projects.

The above activities are no means exhaustive and are subjected to amendment whenever is needed .

Job Specifications

Minimum Education / Qualifications

• Degree in Information systems or equivalent

Minimum Years of Relevant Experience

• 2 or more years’ experiences in setting up and managing information security operations.

Knowledge/Skills

• Familiar with ISO27001 ISMS, NIST and/ or CIS frameworks.
• Experiences in incident handling and understanding in digital forensic investigation, tools and processes.
• Experiences in security protections, practices or solutions like Firewall, IDS/ IPS, DLP, WAF, NAC, WiFi security, encryption, patch management, etc.
• CISA, CISM, CISSP and/ or PMP certifications will be an advantage.
• Knowledgeable in Microsoft Office and other Windows and web applications.

Attributes (functional or leadership competencies)

• Meticulous and hands on.
• Excellent communication and written skills.
• Strong analytical and problem-solving skills.
• Team player with excellent interpersonal skills and multi-tasker.
• Customer-centric and proactive

• Establish, implement and maintain a sustainable information security framework that effectively addresses evolving and diverse cybersecurity threats.
• Perform risk assessments on Information, Operational and Assistive Technologies for vulnerabilities and implement security controls to reduce identified risks to an acceptable level.
• Monitor security alerts/ logs from IT systems, network and applications against baselines and gather publicly available information to identify precursors or indicators of cybersecurity attacks.
• Contain and eradicate cybersecurity incident effectively to prevent recurrence and restore systems and recover normal operations as quickly as possible.
• Hold lessons learned meetings to help improve security measures and incident handling process.
• Publish security advisories, conduct security workshops and share lessons learned to improve users' awareness regarding cybersecurity matters.
• Perform information security audits to determine security violations and inefficiencies and recommend effective security controls.
• Oversee information security investigations with internal team, funders and local authorities and/ or 3rd party providers.
• Participate in various meetings and share compliance/ performance reports and audit findings to Management teams.
• Undertake information security related projects.

• Degree in Information systems or equivalent

• 2 or more years' experiences in setting up and managing information security operations.

• Familiar with ISO27001 ISMS, NIST and/ or CIS frameworks.
• Experiences in incident handling and understanding in digital forensic investigation, tools and processes.
• Experiences in security protections, practices or solutions like Firewall, IDS/ IPS, DLP, WAF, NAC, WiFi security, encryption, patch management, etc.
• CISA, CISM, CISSP and/ or PMP certifications will be an advantage.
• Knowledgeable in Microsoft Office and other Windows and web applications.

• Meticulous and hands on.
• Excellent communication and written skills.
• Strong analytical and problem-solving skills.
• Team player with excellent interpersonal skills and multi-tasker.
• Customer-centric and proactive

Primary Objectives of Position
Manage security operation to ensure the safe use of IT systems and assets as well as protect against cybersecurity threats.
Manage various stages of projects in conception and initiation, planning, execution, performance/ monitoring, and project closure.
Job Responsibilities
Establish, implement and maintain a sustainable information security framework that effectively addresses evolving and diverse cybersecurity threats.
Perform risk assessments on Information, Operational and Assistive Technologies for vulnerabilities and implement security controls to reduce identified risks to an acceptable level.
Monitor security alerts/ logs from IT systems, network and applications against baselines and gather publicly available information to identify precursors or indicators of cybersecurity attacks.
Contain and eradicate cybersecurity incident effectively to prevent recurrence and restore systems and recover normal operations as quickly as possible.
Hold lessons learned meetings to help improve security measures and incident handling process.
Publish security advisories, conduct security workshops and share lessons learned to improve users’ awareness regarding cybersecurity matters.
Perform information security audits to determine security violations and inefficiencies and recommend effective security controls.
Oversee information security investigations with internal team, funders and local authorities and/ or 3rd party providers.
Participate in various meetings and share compliance/ performance reports and audit findings to Management teams.
Undertake information security related projects.
The above activities are no means exhaustive and are subjected to amendment whenever is needed.
Job Specifications
Minimum Education / Qualifications
Degree in Information systems or equivalent
Minimum Years of Relevant Experience
2 or more years’ experiences in setting up and managing information security operations.
Knowledge/Skills
Familiar with ISO27001 ISMS, NIST and/ or CIS frameworks.
Experiences in incident handling and understanding in digital forensic investigation, tools and processes.
Experiences in security protections, practices or solutions like Firewall, IDS/ IPS, DLP, WAF, NAC, WiFi security, encryption, patch management, etc.
CISA, CISM, CISSP and/ or PMP certifications will be an advantage.
Knowledgeable in Microsoft Office and other Windows and web applications.
Attributes (functional or leadership competencies)
Meticulous and hands on.
Excellent communication and written skills.
Strong analytical and problem-solving skills.
Team player with excellent interpersonal skills and multi-tasker.
Customer-centric and proactive
#J-18808-Ljbffr

Overview

Join to apply for the Project Manager - Information Security role at Shopee .

• Drive the planning, execution, and monitoring of information security projects.
• Track project progress, identify risks, and develop mitigation strategies.
• Coordinate with project stakeholders, including security engineers, developers and SREs.
• Collaborate with IT compliance to address compliance-related issues and ensure that projects are aligned with regulatory requirements.
• Analyse existing processes, identify areas for improvement, optimise workflows, and implement changes.

• Bachelor's degree or higher in Computer Science, Information Security, or a related field.
• Strong project management skills, including planning, organising, and time management.
• Excellent communication and interpersonal skills.
• Demonstrates a keen interest in, and understanding of information security or cybersecurity.
• Self-driven with the ability to work independently and as part of a team.

• Seniority level: Mid-Senior level
• Employment type: Full-time
• Job function: Information Technology
• Industries: Internet Marketplace Platforms and Technology, Information and Internet

Note: This description focuses on the role responsibilities and required qualifications. Boilerplate referrals or unrelated role listings have been removed.