162 Security Best Practices jobs in Singapore

Summary
Provide better appreciation and experiential learning in Cybersecurity defence in terms of concepts, architecture, technologies, tools, and operations.

Job Description
Responsibilities:
Application Security

• Research web and mobile application security best practices
• Research into the latest IAM technologies and propose enhancements to existing SIA infrastructure
• Assist in tracking and resolving penetration test and threat modelling findings
• Perform internal security testing using Burp Suite and Kali Linux, etc.

Security Compliance

• Work closely with various IT teams to identify, assess and manage information security risks
• Assist to coordinate with application and various IT teams on various compliance controls.
• Perform proactive threat analysis from network traffic, user and security logs, and other relevant security data to hunt for potential adversary activity.

MAS Technology Risk Management Guidelines

• Assist to collect and compile security related statistics, assess the information and prepare management reports.
• Assist in conducting regular phishing campaigns and compile the results for analysis.

Risk Management

• Assess and enforce the security controls of IT projects

Projects

• Assist in the Cyber and Information Security project requirement gathering, procurement and implementations.
• Assist the project manager and liaise with vendor
• Provide internal support during the implementation

Requirements

• Pursuing a degree with specialization in Information Security
• Interest in cyber security
• Good trouble-shooting and analytical skills
• Independent and resourceful
• Good interpersonal skills

Job Objectives

The Security Governance Specialist role will support the Head of Security Governance in enhancing and maintaining the Security Governance within the Group Information Security(GIS) function in the Bank.

Key Responsibilities

This position will support senior Security Governance team members and work closely with various business, risk and technology stakeholders to:

• Proactively assess the compliance exposure to current and emerging security-related regulatory requirements and plan & track remediation efforts.

• Manage reverse third-party due diligence engagements related to GIS.

• Manage audit, assurance and regulatory engagements related to GIS including ongoing knowledge management on queries and request for information.

• Track and report against the technology KORI(Key Operational Risk Indicators)/KRIs and required security metrics.

• Execution of the GIS KRCSA (Key Risk and Control Self Assessments).

• Management policy, procedures and standards updates and control.

• Manage various GIS initiatives and duties as assigned.

Key Requirements

• Communicate effectively with a variety of internal and external teams and stakeholders.

• Capable of managing a variety of priorities and deliverables with minimal guidance or supervision.

• Ability to respond to any requests and issues on a timely basis.

Education

• Diploma/Degree in engineering/Computer Science / IT/Cyber Security from a recognized education institution.

• Professional Technology Risk Management/Cybersecurity related qualification will be favorable although not mandatory.

• Knowledge of industry best practices.

Technical Skills

• Overall experience 5+ years of experience.

• 2+ years of relevant experience in Security/IT governance disciplines.

• Have a strong security risk and analytical mindset in approaching situations and interactions with stakeholders.

• Effective negotiating skills and demonstrated sensitivity to working and interacting with stakeholders.

• Good knowledge of Security concepts and practices.

• Good knowledge of Security related guidelines and advisories from regulators.

• Good with numbers for use in metrics.

Soft Skills

• Good written and verbal communication skills and expertise in setting and managing stakeholder expectations.

• Process aware mindset.

• Strong analytical and problem-solving skills.

• Effective time management and organizational skills.

• Strong team player.

• Able to work independently with minimal supervision.

• High degree of attention to detail and discipline on tracking and managing the closure of identified gaps and issues.

• Willing to learn quickly.

Carry out the end-to-end security management for enterprise of application security, host security, data security, network security, including but not limited to security policy management and system maintenance.

Responsible for the Governance, Risk and Compliance technical implementation of personal information protection requirements.

Project management, plan and coordinate security tools implementation throughout the overseas region. Providing periodic reporting of progress and issues.

Conduct and perform periodic security awareness training and phishing campaigns.

Responsible for the break-down and implementation of the development work in the baseline specification and technical architecture.

The ideal candidates we are looking for should be seasoned Information Security Professionals with:

• Bachelor’s degree or above in Computer Science.
• At least 3 years working experience in network or information security related fields.
• Familiar with ISO27001, ITIL related technical standards and control measures.
• Familiar with common information security products and technical principles, e.g. system and network security, DLP, antivirus, encryption, SIEM, Zero Trust etc.
• Security certification such as CISSP, CISA, CCNP, CCIE is preferred.

At PwC, we help clients build trust and reinvent so they can turn complexity into competitive advantage. We’re a tech-forward, people-empowered network with more than 370,000 people in 149 countries. Across audit and assurance, tax and legal, deals and consulting we help clients build, accelerate and sustain momentum. Find out more at

If you love the business side of information security this is the place to be. Within the CISO pillar we work closely with member firm stakeholders to understand their business model and roadmap for technology. In turn the CISO pillar outlines the roadmap for NIS and drives engagement and adoption of central security services in line with the PwC Cyber Readiness program. Our mission is to identify, control, and reduce the attack surface across the network of member firms while increasing our adversaries’ cost of attack. Network Information Security team is redefining cyber security on a global scale at PwC. Our mission protects 223,000 PwC members across 157 member firms worldwide, as well as our global clients. If you are seeking an exciting career with the scope to grow your information and cyber security skills, then NIS will empower you to do so.

• Project Support: Assist in the planning, execution, and monitoring of projects.
• Project Support: Utilise strong critical thinking and problem solving skills day to day.
• Project Support: Collaborate with team members to ensure project deliverables are met on time and within scope.
• Project Support: Prepare and maintain project documentation, including reports, presentations, and meeting minutes.
• Project Support: Quickly adapt to changing priorities and project requirements.
• Project Support: Demonstrate flexibility in managing tasks and responsibilities in a dynamic work environment.
• Project Support: Proactively identify and address potential issues or roadblocks to ensure smooth project execution.
• Project Support: Work with other NIS teams both locally, regionally and globally to deliver the security needs specific to the firm.

• Compliance and Vulnerability Management: Support work in vulnerability management and compliance activities
• Compliance and Vulnerability Management: Handles BAU activities such as managing security exceptions
• Compliance and Vulnerability Management: Help the business comply with the Information Security Policy by leveraging your cyber security knowledge and expertise.
• Compliance and Vulnerability Management: Collaborate with PwC IT and global team to align security process and tools.

• Application Security: Guide and support the business team to complete all required security reviews
• Application Security: Build knowledge on application security to effectively support security assessments
• Application Security: Align with different global and local teams to identify and fix gaps or risk found.

• Other: Help with daily security incident handling
• Other: Help to manage junior staff, for example interns

• Interest in Information Security
• Bachelor’s or master’s degree (technical degree) or equivalent Industry certification

• Desired Certifications: Certifications aren’t prerequisites however are well regarded
• Education Level: Undergraduate Degree (e.g. BIT, BSc) STEM or equivalent work experience: 2 - 4 years’ of progressive professional roles involving information security, computer science and/or other technical background

• Required Skills: Application Security, Application Security Assessments, Web Application Security Testing, and related cybersecurity controls and standards
• Optional Skills: Accepting Feedback, Active Listening, IT Infrastructure, Data Privacy Act, Information Security Governance

Travel Requirements: 0%

Available for Work Visa Sponsorship? No

Government Clearance Required? No

• Entry level

• Full-time

• Information Technology

• Accounting

Join to apply for the Information Security Engineer role at Manpower Singapore

2 days ago Be among the first 25 applicants

Join to apply for the Information Security Engineer role at Manpower Singapore

Information Security Engineer, Vulnerability Management and Operation

We are seeking an exceptional Security Engineer to support our vulnerability management program. This is a technical, operation-oriented, and hands-on role in a dynamic and fast-paced environment.

You'll work with various applications and systems to manage vulnerabilities, follow up with different teams, drive remediation, and improve current processes.

• You will join a team that stays up to date on emerging security vulnerabilities and threats, maintains composure in crises, and advocates for improving product and service security.
• You need a good technical background and a strong interest in network, system, and web security.
• The role requires excellent communication skills to collaborate effectively with diverse teams. Responsibilities include:
• Working cross-functionally to identify and assess vulnerabilities, guiding teams through the remediation lifecycle with a focus on timely resolution and outcome-driven communication.
• Using programming to analyze large data dumps related to systems and applications to extract key information for vulnerability impact analysis.

• BSc in Computer Science, Information Technology, Information Security, or related field
• At least 3 years of experience in information security or related field
• Self-starter with flexibility to work remotely and support a global team
• Ability to manage multiple activities concurrently
• Passionate about data security
• Experience with vulnerability scanning tools like Tenable, Qualys, etc.
• Familiarity with common security vulnerabilities and their severity assessment
• Ability to analyze vulnerabilities and provide remediation guidance
• Independent in supporting and driving vulnerability remediation
• Continuous improvement mindset and automation skills
• Ability to run proof of concept for known vulnerabilities
• Understanding of IPv4 and IPv6 networks
• Proficiency in programming languages such as Python, Go, Rust, or Bash scripting
• Excellent critical thinking skills
• Problem-solving skills related to logic and algorithms
• Experience with SQL and Linux
• Experience with penetration testing
• Knowledge of the security research community

Note: Your response to this advertisement and communications will constitute informed consent for the collection, use, and disclosure of personal data by ManpowerGroup Singapore, in accordance with the Personal Data Protection Act 2012. For more information, visit ManpowerGroup's Privacy Policy .

CyberArk Engineer

We are seeking a skilled and motivated CyberArk Engineer to join our growing security engineering team. In this role, you will be responsible for designing, implementing, and supporting privileged access management (PAM) solutions using CyberArk, ensuring the highest levels of security, compliance, and operational efficiency.

The ideal candidate will hold a CyberArk Certified Delivery Engineer (CDE) certification and have experience with Sentry (preferred). You will collaborate with cross-functional teams to protect sensitive data and critical systems from unauthorized access.

Key Responsibilities:

• Manage the onboarding and lifecycle of privileged accounts across various systems and environments.
• Implement CyberArk policies and security best practices to align with compliance and regulatory standards.
• Develop and maintain automation scripts and integrations with CyberArk using REST APIs, PowerShell, and other tools.
• Monitor and troubleshoot CyberArk infrastructure and user issues, providing escalation support as needed.
• Troubleshoot and remediate CyberArk Central Policy Manager (CPM) failures, including credential rotation errors, connectivity issues, and policy misconfigurations.
• Analyse CPM logs and error codes to identify root causes and implement durable solutions in collaboration with infrastructure and application teams.
• Perform health checks and tuning of CPM components to ensure stability and optimal performance.
• Basic understanding of custom CPM and PSM connectors for target platforms not natively supported by CyberArk.
• Work with application owners to gather requirements for new connectors, create integration documentation, and test connector functionality in pre-production environments.
• Leverage scripting (e.g., PowerShell, Python) to enhance connector behaviour and automate remediation tasks.
• Contribute to the connector certification process and maintain version control for custom components.
• Assist with audits, documentation, and reporting of privileged access activities.
• Work with IT, DevOps, and Security teams to integrate PAM solutions into existing workflows.
• Stay up to date with emerging threats, PAM trends, and CyberArk product updates.

Required Qualifications:

• CyberArk Certified Delivery Engineer (CDE) certification (must-have)
• 3+ years of experience implementing and supporting CyberArk solutions in enterprise environments
• Proficiency with CyberArk components and architecture
• Strong scripting skills (PowerShell, Python, etc.) and experience using CyberArk APIs
• Understanding of Identity and Access Management (IAM) concepts, Zero Trust, and least privilege
• Solid knowledge of Windows/Linux systems, Active Directory, and network security fundamentals

Preferred Qualifications:

• Experience or certification with Sentry
• CyberArk Defender or Guardian certification(s)
• Familiarity with cloud PAM implementations (AWS, Azure, GCP)
• Experience with SIEM tools and security monitoring
• Bachelor's degree in Computer Science, Information Security, or related field

Interested candidates may apply through the application system. We regret to inform only Shortlisted candidates will be notified.

By sending us your personal data and curriculum vitae (CV), you are deemed to consent to PERSOLKELLY Singapore Pte Ltd and its affiliates to collect, use and disclose your personal data for the purposes set out in the Privacy Policy available at You acknowledge that you have read, understood, and agree with the Privacy Policy.

PERSOLKELLY Singapore Pte Ltd
• RCB No E
• EA License No. 01C4394 
• EA Registration No. R Derrick Tiew Yong Han)

This is in partnership with the Employment and Employability Institute Pte Ltd ("e2i").

e2i is the empowering network for workers and employers seeking employment and employability solutions. e2i serves as a bridge between workers and employers, connecting with workers to offer job security through job-matching, career guidance and skills upgrading services, and partnering employers to address their manpower needs through recruitment, training, and job redesign solutions. e2i is a tripartite initiative of the National Trades Union Congress set up to support nation-wide manpower and skills upgrading initiatives.

Work Location :

Singapore, Singapore

Hours:

40

Line of Business:

Technology Solutions

Pay Details:

We're committed to providing fair and equitable compensation to all our colleagues. As a candidate, we encourage you to have an open dialogue with a member of our HR Team and ask compensation related questions, including pay details for this role.

Job Description:

Responsibilities:

• Conduct Penetration Tests: Perform thorough and methodical penetration testing on web applications, mobile, AI, network infrastructures, and other systems to identify security vulnerabilities.
• Vulnerability Assessment: Assess and analyze security weaknesses, and provide actionable recommendations to mitigate risks and improve overall security posture.
• Report Findings: Document and communicate findings clearly and effectively to both technical and non-technical stakeholders. Prepare comprehensive reports with recommendations for remediation.
• Develop and Execute Test Plans: Design and execute detailed test plans
• Stay Current: Keep up-to-date with the latest security trends, vulnerabilities, and tools to ensure testing methodologies are current and effective.
• Collaborate with Teams: Work closely with IT and development teams to understand system architectures, provide guidance on security best practices, and support the implementation of security improvements.
• Perform Risk Assessments: Evaluate and assess potential security risks related to new and existing systems and technologies.
• Compliance: Ensure that penetration testing practices comply with relevant regulations, standards, and organizational policies.

Requirements:

• At least 8-10 years of relevant experience
• Technical Skills:
• Proficiency in penetration testing tools such as Metasploit, Burp Suite, Nmap, and Kali.
• Knowledge of common web application vulnerabilities (e.g., OWASP Top Ten) and network security principles.
• Analytical Skills: Strong analytical and problem-solving abilities with attention to detail.
• Communication: Excellent verbal and written communication skills, with the ability to convey complex technical concepts to non-technical stakeholders.
• Ethical Standards: Demonstrated understanding of ethical hacking principles and a commitment to maintaining high ethical standards.

Preferred Qualifications:

• Experience with penetration testing in AI, cloud environments (e.g., AWS, Azure) and PCI testing.
• Familiarity with security standards and frameworks
• Certifications: Relevant certifications such as Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), or GIAC Penetration Tester (GPEN) are highly desirable.

Who We Are

TD is one of the world's leading global financial institutions and is the fifth largest bank in North America by branches/stores. Every day, we deliver legendary customer experiences to over 27 million households and businesses in Canada, the United States and around the world. More than 95,000 TD colleagues bring their skills, talent, and creativity to the Bank, those we serve, and the economies we support. We are guided by our vision to Be the Better Bank and our purpose to enrich the lives of our customers, communities and colleagues.

TD is deeply committed to being a leader in customer experience, that is why we believe that all colleagues, no matter where they work, are customer facing. As we build our business and deliver on our strategy, we are innovating to enhance the customer experience and build capabilities to shape the future of banking. Whether you've got years of banking experience or are just starting your career in financial services, we can help you realize your potential. Through regular leadership and development conversations to mentorship and training programs, we're here to support you towards your goals. As an organization, we keep growing – and so will you.

Our Total Rewards Package

Our Total Rewards package reflects the investment we make in our colleagues to help them, and their families achieve their well-being goals. Total Rewards at TD includes a base salary and several other key plans such as health and well-being benefits, including medical coverage, paid time off, career development, and reward and recognition programs.

Additional Information:

We're delighted that you're considering building a career with TD. Through regular development conversations, training programs, and a competitive benefits plan, we're committed to providing the support our colleagues need to thrive both at work and at home.

Colleague Development

If you're interested in a specific career path or are looking to build certain skills, we want to help you succeed. You'll have regular career, development, and performance conversations with your manager, as well as access to an online learning platform and a variety of mentoring programs to help you unlock future opportunities. Whether you have a passion for helping customers and want to expand your experience, or you want to coach and inspire your colleagues, there are many different career paths within our organization at TD – and we're committed to helping you identify opportunities that support your goals.

Training & Onboarding

We will provide training and onboarding sessions to ensure that you've got everything you need to succeed in your new role.

Interview Process

We'll reach out to candidates of interest to schedule an interview. We do our best to communicate outcomes to all applicants by email or phone call.

Accommodation

If you require an accommodation for the recruitment / interview process (including alternate formats of materials, or accessible meeting rooms or other accommodation), please let us know and we will work with you to meet your needs.

Job Title: Security GRC Lead/ ISO

About the Role

We are hiring an Security GRC Lead/ISO for our client in the insurance sector . This is a senior leadership role responsible for developing and executing the enterprise-wide information security strategy. The successful candidate will drive policy, governance, and risk management initiatives while overseeing cybersecurity operations and ensuring alignment between business and security objectives.

Key Responsibilities

• Develop and lead the company-wide information security strategy in alignment with business goals and regulatory standards (e.g., MAS TRM, ISO
• Serve as the key advisor and senior leadership on cybersecurity and risk matters.
• Lead the creation and enforcement of security policies, procedures, and standards.
• Manage security risk assessments, third-party/vendor risk, and compliance initiatives.
• Oversee incident response and threat management across the organization.
• Monitor and report key security metrics, including incident response time, system availability, and vendor performance.
• Evaluate and implement emerging cybersecurity technologies and best practices.

Qualifications

• Bachelor's or Master's in Computer Science, Information Security, or related field.
• Professional certifications such as CISSP, CISM, CISA, CRISC , or equivalent are preferred.
• 8–10 years of relevant experience, with at least 5 years in a security leadership role (e.g., IT Security Manager, CISO).
• Proven experience in regulated industries , ideally within financial services or insurance.
• Strong knowledge of MAS TRM guidelines , risk frameworks, and GRC practices.
• Excellent leadership, communication, and stakeholder management skills.

If this opportunity aligns with your skills and career goals, we encourage you to apply.

EA License: 21C0783

EAP Registration No: R