117 Security Consultant jobs in Singapore

Direct message the job poster from Howden

At Howden, we employ talented individuals and empower them to make a real difference to the company, whilst building successful and fulfilling careers.

The entrepreneurial atmosphere is one of the biggest reason people love to work for us. We are a leading independent, global insurance brokers but have a noticeably flat hierarchy. It doesn’t matter how junior or senior, anyone with a good idea will be heard. This means our employees can shape their own career paths and determine their own success.

This atmosphere attracts the brightest talent in the market. If that includes you, get in touch.

Job role: Senior Security Consultant (M&A Architecture Focus)

Department: Information Security / Enterprise Architecture

Report to: Group Deputy Chief Information Security Officer

A LEADING GLOBAL INDEPENDENT BROKER

Howden is a specialist commercial insurance broker. Its regional footprint covers Singapore (regional headquarters),

Malaysia, Hong Kong, Indonesia, Thailand, and Philippines. It is part of the London-headquartered Howden Broking Group, a leading independent, global broker with offices in over 40 countries worldwide.

About the Role:

We are looking for a highly skilled and experienced Senior Security Consultant to join our dynamic and fast-growing security team. This pivotal role blends deep technical proficiency in cybersecurity with strategic leadership in Mergers & Acquisitions (M&A) initiatives. As a trusted security advisor, you will be instrumental in evaluating the security posture of target organizations, identifying potential risks, and ensuring seamless integration of security frameworks post-acquisition.

You will lead the end-to-end security lifecycle of M&A activities from due diligence and risk analysis to integration planning and execution. Your work will directly influence the organization’s ability to scale securely, maintain compliance, and protect critical assets during periods of rapid change. This role requires a unique combination of technical depth, business acumen, and cross-functional collaboration, making it ideal for professionals who thrive in complex, high-impact environments.

Key Responsibilities:

Security Analysis & Architecture

• Conduct In-Depth Security Assessments of Systems, Networks, and Applications: Perform comprehensive evaluations of both on-premises and cloud-based environments to identify vulnerabilities, misconfigurations, and potential attack vectors. Utilize tools such as vulnerability scanners, penetration testing frameworks, and manual review techniques to assess the security posture of critical assets. Deliver detailed reports with prioritized findings and actionable remediation recommendations.
• Design and Recommend Security Controls and Architecture Improvements: Develop and propose robust security architectures that align with industry best practices and organizational risk tolerance. This includes designing secure network topologies, implementing zero-trust principles, and recommending controls such as encryption, multi-factor authentication, and intrusion detection/prevention systems. Work closely with enterprise architects to ensure security is embedded into the design phase of all technology initiatives.
• Collaborate with IT, DevOps, and Business Units to Ensure Secure Design and Implementation of Systems: Act as a security advisor throughout the system development lifecycle (SDLC), participating in design reviews, threat modeling sessions, and change management processes. Partner with DevOps teams to integrate security into CI/CD pipelines (DevSecOps), ensuring automated testing and compliance checks. Provide guidance to business stakeholders on balancing security requirements with operational needs and user experience.

M&A Security Integration

• Lead Security Due Diligence Efforts:Spearhead comprehensive security evaluations during M&A activities, including pre-acquisition risk assessments, gap analyses, and compliance reviews. Collaborate with legal, IT, and business teams to identify potential security liabilities, regulatory exposures, and integration challenges. Ensure that all findings are documented and communicated effectively to executive stakeholders.
• Develop and Execute Security Integration Plans: Create tailored security integration strategies for newly acquired entities, aligning them with the organization’s overarching security architecture and governance frameworks. This includes harmonizing policies, access controls, identity management systems, and incident response protocols. Oversee the execution of these plans, ensuring minimal disruption to business operations and maintaining a strong security posture throughout the transition.
• Identify and Mitigate Legacy and Third-Party Risks: Conduct thorough assessments of legacy systems, inherited infrastructure, and third-party vendor relationships to uncover vulnerabilities and compliance gaps. Implement remediation plans that may include system upgrades, vendor renegotiations, or decommissioning of outdated technologies. Ensure secure data migration practices and validate that sensitive information is protected during transfer and integration.
• Post-Merger Monitoring and Optimization: Establish post-merger security monitoring protocols to detect anomalies and ensure ongoing compliance. Use metrics and KPIs to evaluate the effectiveness of integration efforts and identify areas for continuous improvement. Provide regular updates to senior leadership and contribute to post-acquisition reviews and lessons-learned sessions.
• Stakeholder Engagement and Communication: Act as a liaison between technical teams and business units during M&A processes, translating complex security requirements into actionable business terms. Facilitate workshops and training sessions to onboard acquired teams into the organization’s security culture and practices.
• Ensure compliance with industry standards (e.g., ISO 27001, NIST, DORA, SOC 2, GDPR).
• Support internal and external audits related to security controls and M&A activities.
• Maintain documentation and reporting for security assessments and integration efforts.
• Act as a trusted advisor to senior leadership on security risks and strategies during M&A.
• Mentor junior analysts and contribute to the development of security best practices.
• Participate in incident response and threat modeling exercises as needed.

Qualifications

Required :

• 7+ years of experience in cybersecurity, with at least 2 years in a senior or lead role.
• Proven experience in M&A security assessments and post-acquisition integration.
• Strong understanding of enterprise security architecture, cloud security (AWS, Azure, GCP), and network security.
• Familiarity with regulatory and compliance frameworks (e.g., GDPR, HIPAA, PCIDSS).
• Excellent communication and stakeholder management skills.

Preferred:

• Certifications such as CISSP, CISM, CCSP, or SABSA.
• Experience with security tools such as SIEM, DLP, vulnerability scanners, and EDR platforms.
• Background in enterprise architecture or solution architecture is a plus.

YOUR BENEFITS AND SALARY:

• Commensurate with qualification and experience
• Working in a collaborative environment with excellent learning opportunities
• Possibility of moving to a permanent role at the end of the 12 months if you can prove yourself to be adding value to our business.

DATA PROTECTION NOTICE FOR JOB APPLICANTS

This Data Protection Notice (“Notice”) sets out the basis upon which Howden Insurance Brokers (S.) Pte. Limited (“we”, “us” or “our”) may collect, use, disclose or otherwise process personal data of job applicants in accordance with the Personal Data Protection Act (“PDPA”). This Policy applies to personal data in our possession or under our control, including personal data in the possession of organizations which we have engaged to collect, use, disclose or process personal data for our purposes.”

For more information, please refer to the link below.

• Seniority level Mid-Senior level

• Employment type Full-time

• Job function Information Technology
• Industries Insurance

Referrals increase your chances of interviewing at Howden by 2x

Get notified about new Security Consultant jobs in Singapore, Singapore .

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

Cundall’s security consultancy team’s mission is to play a key role in keeping people safe from the security threats and risks that affect them in their day to day lives, both at home and at work. We also aim to protect our client’s assets, ensuring they are safe and secure, and business, ensuring its continued operation in the event of a security incident – we pride ourselves on our exemplary track record of providing intelligent advice designing innovative security solutions.

The security consultancy team are a source of world leading expertise – and offer a pro-active and collaborative approach to skill development, and professional excellence.

This is an excellent opportunity for a talented Principal Security Consultant to join a diverse team in our Singapore office to play a role in ensuring the successful delivery of security controls for some of the most exciting and high-profile projects across various sectors.

You will lead and manage an established team of electronic security systems consultants in the delivery of design and advice on appropriate and proportionate electronic security solutions.

You will also work closely with colleagues of various disciplines to manage the delivery of technically excellent, profitable projects.

You will have an extensive background in security systems designs (video surveillance, access control, intruder alarm, intercom and integrated security management systems) and will have gained experience in delivering these following the RIBA Plan of Work design stages or equivalent.

You will also have good overall knowledge and / or experience of security risk management and the application of physical security solutions (including but not limited to Hostile vehicle Mitigation (HVM), forced entry protection, blast and ballistic mitigation to achieve a holistic approach to security risk mitigations.

You will have proven ability in managing direct reports, project teams, internal and external security stakeholders, preparing specifications, reports, general arrangement drawings and carrying out site inspections and surveys. Also, crucially – you have a passion for creative and intuitive design.

Given the collaborative and client focussed nature of this role, excellent communication skills and experience of using your initiative to overcome challenges are essential.

We know that to be the best at what we do we need a diverse workforce underpinned by an inclusive culture. Creating environments where everyone can find joy doing their best work is also great for everyone. That’s why we positively welcome applications from people of all backgrounds and identities, and encourage, support, and celebrate the diverse voices of our people.

• Conduct In-Depth Security Assessments of Systems, Networks, and Applications: Perform comprehensive evaluations of both on-premises and cloud-based environments to identify vulnerabilities, misconfigurations, and potential attack vectors. Utilize tools such as vulnerability scanners, penetration testing frameworks, and manual review techniques to assess the security posture of critical assets. Deliver detailed reports with prioritized findings and actionable remediation recommendations.
• Design and Recommend Security Controls and Architecture Improvements: Develop and propose robust security architectures that align with industry best practices and organizational risk tolerance. This includes designing secure network topologies, implementing zero-trust principles, and recommending controls such as encryption, multi-factor authentication, and intrusion detection/prevention systems. Work closely with enterprise architects to ensure security is embedded into the design phase of all technology initiatives.
• Collaborate with IT, DevOps, and Business Units to Ensure Secure Design and Implementation of Systems: Act as a security advisor throughout the system development lifecycle (SDLC), participating in design reviews, threat modeling sessions, and change management processes. Partner with DevOps teams to integrate security into CI/CD pipelines (DevSecOps), ensuring automated testing and compliance checks. Provide guidance to business stakeholders on balancing security requirements with operational needs and user experience.

• Lead Security Due Diligence Efforts:Spearhead comprehensive security evaluations during M&A activities, including pre-acquisition risk assessments, gap analyses, and compliance reviews. Collaborate with legal, IT, and business teams to identify potential security liabilities, regulatory exposures, and integration challenges. Ensure that all findings are documented and communicated effectively to executive stakeholders.
• Develop and Execute Security Integration Plans: Create tailored security integration strategies for newly acquired entities, aligning them with the organization's overarching security architecture and governance frameworks. This includes harmonizing policies, access controls, identity management systems, and incident response protocols. Oversee the execution of these plans, ensuring minimal disruption to business operations and maintaining a strong security posture throughout the transition.
• Identify and Mitigate Legacy and Third-Party Risks: Conduct thorough assessments of legacy systems, inherited infrastructure, and third-party vendor relationships to uncover vulnerabilities and compliance gaps. Implement remediation plans that may include system upgrades, vendor renegotiations, or decommissioning of outdated technologies. Ensure secure data migration practices and validate that sensitive information is protected during transfer and integration.
• Post-Merger Monitoring and Optimization: Establish post-merger security monitoring protocols to detect anomalies and ensure ongoing compliance. Use metrics and KPIs to evaluate the effectiveness of integration efforts and identify areas for continuous improvement. Provide regular updates to senior leadership and contribute to post-acquisition reviews and lessons-learned sessions.
• Stakeholder Engagement and Communication: Act as a liaison between technical teams and business units during M&A processes, translating complex security requirements into actionable business terms. Facilitate workshops and training sessions to onboard acquired teams into the organization's security culture and practices.

• Ensure compliance with industry standards (e.g., ISO 27001, NIST, DORA, SOC 2, GDPR).
• Support internal and external audits related to security controls and M&A activities.
• Maintain documentation and reporting for security assessments and integration efforts.

• Act as a trusted advisor to senior leadership on security risks and strategies during M&A.
• Mentor junior analysts and contribute to the development of security best practices.
• Participate in incident response and threat modeling exercises as needed.

• 7+ years of experience in cybersecurity, with at least 2 years in a senior or lead role.
• Proven experience in M&A security assessments and post-acquisition integration.
• Strong understanding of enterprise security architecture, cloud security (AWS, Azure, GCP), and network security.
• Familiarity with regulatory and compliance frameworks (e.g., GDPR, HIPAA, PCIDSS).
• Excellent communication and stakeholder management skills.

• Certifications such as CISSP, CISM, CCSP, or SABSA.
• Experience with security tools such as SIEM, DLP, vulnerability scanners, and EDR platforms.
• Background in enterprise architecture or solution architecture is a plus.

• Commensurate with qualification and experience
• Working in a collaborative environment with excellent learning opportunities
• Possibility of moving to a permanent role at the end of the 12 months if you can prove yourself to be adding value to our business.

• Support the sales by attending security sales meeting (if necessary), effort estimation and provide security testing project timeline
• Develop the security acceptance test plan
• Provide expert technical support during the security testing activities
• Security test preparation, setting-up of testing environment, configuration and installation of the security testing tools
• Perform manual or automated security testing using commercial security testing tools
• Conduct Greybox Testing (Authenticated) and/or Blackbox Testing (Unauthenticated) Penetration Tests
• Conduct Whitebox Testing and Secure Code Review
• Conduct Network and Infrastructure Vulnerability Assessment and Penetration Testing
• Conduct Web, Mobile and Desktop Application Vulnerability Assessment and Penetration Testing
• Find and pinpoint the vulnerabilities of the assess target system / application
• Document and Report the vulnerabilities found in the system
• Provide professional recommendations / advice to mitigate and resolve the vulnerabilities
• Present the security testing results to the relevant stakeholders
• Provide weekly status reporting on the security testing activity progress

• Bachelor's degree, preferably in computer science or information systems, or equivalent work experience
• Minimum 3 - 5 years security experience in a security analyst, engineer, architect, consultant, or a similar role
• Minimum 3 years' professional experience in conducting vulnerability assessment and penetration testing
• Required Certifications: Any of the followings:

1. CREST Registered Penetration Tester (CREST CRT)
2. CREST Practitioner Security Analyst
3. Offensive Security Certified Professional (OSCP)

• Knowledge in conducting security testing with the following guidelines and standards
• High proficiency in manual and automated techniques for penetration testing (network equipment, servers, web applications, APIs, wireless, mobile, databases, and other information systems), as well as executing vulnerability assessments (injection, privilege escalation, fuzzing, buffer overflows, etc.)
• Tools - Proxies, Port Scanners, Vulnerability Scanners, Exploit Frameworks (ex: Burp, Nessus, Nmap, Metasploit)
• Strong oral and written communication skills, including a demonstrated ability to prepare quality documentation and presentations for technical and non-technical audiences

• Deliver projects covering a broad range of Cybersecurity and Digital Risk topics, and occasionally Digital Transformation, IT strategy, Business Transformation
• Perform research and analysis, including interviews with clients to gather input, consolidate the findings, and provide recommendations to clients
• Develop and deliver presentations to communicate findings to clients
• Develop and enhance client relationships
• Support business development activities such as presenting proposals
• People & Career Development of the juniors from the team

• University degree in Information Technology, Information Systems, Computer Science, Cybersecurity
• Strong problem-solving, communication, and analytical skills
• Basic knowledge or understanding of IT/cybersecurity topics
• Ambition to grow consulting as well as technical skills, and a strong work ethic
• Professionalism in attitude and conduct; exhibit honesty and integrity and can build trust with internal teams and stakeholders
• Excellent command of spoken and written English
• Prior digital transformation/IT or data analysis experience
• First experience in consulting/advisory or project management
• Command of Microsoft Office
• Command of an additional language

• The ability to work in a dynamic international environment and ongoing on-the-job training
• The opportunity to work on exciting projects
• Excellent opportunities for personal and professional development, with ongoing coaching
• An attractive remuneration package commensurate with the experience and performance
• Entrepreneurial opportunities by being part of a fast-growing consulting firm

• Conduct training for our range of cybersecurity courses
• Guide students through coursework and projects
• Contribute to the further development of course materials
• Conducting cyber ranges for clients
• Advise clients on suitable types of training to conduct based on the profiles of their employees

• Passing our technical assessment (no minimum academic qualifications or certifications required)
• Proficient in Python
• Knowledge in Networking
• Hands-on experience in one of the following areas: IR, Pentest, OS Internals, Malware Analysis, Threat Hunting, SOC, Cloud Security, Cyber Threat Intelligence
• Strong presentation skills, written and verbal communication skills

• Team player
• Willingness to pick up new skills
• Comfortable with engaging large group

• Application security
• Network security
• System security
• Data security
• Cloud security

• ISO 27001
• NIST
• Common Criteria
• IEC 62443

">Cyber Security Professional ">

About the Job:

We are seeking a seasoned Cyber Security professional to join our team. The ideal candidate will possess expertise in information security, risk management, and compliance.

Key Responsibilities:

• Conduct security assessments and provide recommendations for mitigation measures.
• Develop and implement security protocols to protect against cyber threats.
• Collaborate with internal teams to ensure seamless integration of security solutions.
• Analyze and respond to security incidents in a timely manner.

Requirements:

• Minimum 5 years of experience in IT security domain.
• Strong knowledge of firewalls, IDS/IPS, AV, IAM, or PIM.
• Ability to work in international teams and adapt quickly to project demands.

Benefits:

• Opportunity to work on diverse projects and develop expertise in various domains.
• Chance to collaborate with experienced professionals and contribute to the growth of the organization.
• Award-winning company culture that values innovation and teamwork.

We are looking for individuals with hands-on experience in security administration, risk assessment, and compliance. If you have a passion for cybersecurity and want to make a difference, we encourage you to apply.