Cyber Security Director

Role: Head of Cyber Security / Security Engineering Lead

Company
A Singapore-based digital payments provider regulated by the Monetary Authority of Singapore (MAS) as a Major Payment Institution, offering Digital Payment Token services and cross-border payments.

Operates a P2B2C model, providing end-to-end infrastructure that enables businesses to enter and scale in the digital asset space with strong emphasis on security, compliance, and reliability.

Through its broader ecosystem and platform, it supports services such as OTC trading, fiat payments, digital asset custody, and prime brokerage.

Overview
Lead security engineering, operations, and technology risk functions. Responsible for defining and executing cyber defense strategy, ensuring compliance with regulatory standards, and driving certification initiatives (e.g. SOC 2, PCI DSS).

Key Responsibilities

Security Architecture & Engineering

• Define security architecture, IAM strategy, and data/application security controls
• Establish detection engineering standards across cloud and enterprise environments

Security Operations & Incident Response

• Oversee MDR, threat intelligence, vulnerability management, and red/purple team exercises
• Lead incident response and strengthen detection and recovery capabilities

Risk, Compliance & Governance

• Maintain security policies and frameworks
• Ensure compliance with regulatory and industry standards (MAS TRM, HKMA, PDPA, GDPR, ISO 27001, SOC 2, PCI DSS)
• Manage audits and third-party risk

Strategy & Leadership

• Develop and execute multi-year security roadmap
• Optimize tools, vendors, and resource allocation
• Present risk insights and performance metrics to senior leadership

Requirements

• 12+ years in information security, with 5+ years leading security engineering, operations, and GRC teams
• Experience in regulated financial services (banking, payments, fintech)
• Strong background in Tech Risk, Operational Resilience, and Data Privacy
• Hands-on experience with Zero Trust, DevSecOps, cloud security (AWS/OCI), SIEM/EDR/SOAR, IAM/PAM, DLP
• Proven incident leadership and crisis management experience
• Strong stakeholder management and ability to translate technical risk into business impact

Nice-to-Have

• CISSP, CISM, CCISO, or CCSP
• ISO 27001 Lead Implementer/Auditor
• SOC 2 program leadership
• PCI DSS experience (scoping, segmentation, audits)
• Data protection certifications (e.g. CIPP/E, CIPM)