Head of IT Security

Singapore / Technology / Permanent
iSTOX is the first fully regulated capital markets platform in any major financial centre to feature the issuance, custody and trading of digitised securities. Combining the power of distributed ledger technology (DLT) and smart contracts with an innovative business model, iSTOX brings private capital markets into the 21st century. By allowing buyers and sellers to connect directly, iSTOX removes longstanding barriers that have prevented a far greater pool of investors from accessing private market opportunities. Compared with traditional trading venues, iSTOX is a more flexible, affordable and inclusive alternative, and offers investment options that were previously inaccessible.

iSTOX is now fully regulated by the Monetary Authority of Singapore. Key investors include Singapore Exchange and Heliconia (a fully owned subsidiary of Temasek).

We are seeking a Head of IT Security to be part of our team. This position will report to the Head of Technology and will own the overall IT security strategy of the company. 

Responsibilities

    • Design and execute the overall IT security strategy and frameworks, including governance, risk and compliance
    • Be responsible for overall security of critical systems and services, including cloud security
    • Own our security infrastructure and policies, perform risk analysis
    • Review IT security architecture
    • Perform internal IT Security audits on business processes, infrastructure, data privacy, etc.
    • Work closely with internal and external stakeholders to understand and put in place robust IT security policies, processes and tools
    • Project management, coordination with internal stakeholders and external auditors, audit reports and remediation with management
    • Provide advisory on security threats and vulnerabilities and recommend resolutions
    • Security incident response management: reporting, support and solution implementation
    • Work with partners and vendors to ensure compliance of security requirements in an FI environment
    • Development of content and approval of policies within the data security and privacy program
    • Oversee information security awareness, data privacy and related training for employees

Requirements

    • Degree in IT / Engineering or technology preferred
    • In-depth knowledge of IT Security and Governance, Risk Management and Compliance requirements and practices
    • 10+ years of experience in the various security disciplines (e.g., Data Security, Privacy program and policy, information security, information governance, incident response, training and awareness, etc.)
    • Knowledge of regulatory requirements related to Privacy, including but not limited to MAS, GDPR, HIPAA, CCPA and the NIST standards or equivalent
    • Hands-on experience with and knowledge of cloud security is a strong advantage
    • Relevant Industry Certifications such as CISSP, CISA, CISM, ISO 27001, PCI QSA or equivalent are a must
    • Effective communicator with strong influencing and stakeholder engagement skills
    • Proactive, able to multitask, and comfortable working hands-on as an individual contributor or as a member of a larger team
    • Good people management skills to drive the team in meetings and to achieve high-performance results or project goals