Job Description
Position Summary
We are seeking an experienced Infrastructure Information Security Manager to lead, govern, and continuously enhance the security posture of our IT infrastructure for our financial institution. This role pivots away from standard IT operations to focus entirely on infrastructure security architecture, threat defense, and technology risk. The ideal candidate will balance hands-on security engineering with strategic planning, security vendor management, and strict adherence to regulatory compliance in a fast-paced, highly regulated environment.
Key Responsibilities
Infrastructure Security Architecture & Operations
• Own the end-to-end security architecture and defense-in-depth strategy for all enterprise infrastructure: networks, servers, virtualization, cloud (AWS), Microsoft 365, and endpoints.
• Design and implement infrastructure security roadmaps aligned with business growth, zero-trust principles, and digital transformation initiatives.
• Establish and maintain comprehensive security monitoring and observability across all infrastructure layers to ensure rapid threat detection and response.
• Partner with IT Infrastructure and DevOps teams to ensure security controls are embedded into the lifecycle of all IT assets (Secure by Design) without bottlenecking deployments.
Security Tooling & Controls
• Oversee deployment, operational health, and fine-tuning of EDR solutions on endpoints and servers, including containment actions (isolate, kill, quarantine) and SOC/IR coordination.
• Manage and tune Web Application Firewalls (WAF) to protect critical internet-facing applications, optimizing rules, signatures, rate limiting, and bot/DoS protections.
• Drive the integration of infrastructure and application logs with SIEM platforms, ensuring optimal log coverage, correlation rules, dashboards, and actionable alerting for infrastructure threats.
• Implement and maintain File Integrity Monitoring (FIM) on critical systems to detect unauthorized changes and provide audit evidence.
• Lead cloud security services (especially AWS), configuring IAM, security monitoring, threat detection, compliance checks, and workload protection.
• Enforce consistent security policies across on-premise and cloud environments using CASB/SASE/ZTNA, VPN, DNS security, DLP, email gateways, and next-gen network firewalls.
• Drive comprehensive vulnerability management across all infrastructure components (OS, middleware, databases, network devices, cloud), tracking remediation SLAs with IT ops teams.
Regulatory, Risk & Compliance Governance
• Ensure infrastructure security controls fully comply with MAS Technology Risk Management (TRM) guidelines, Cyber Hygiene notices, and internal policies on confidentiality, integrity, and recoverability.
• Act as the primary security liaison with Internal/External Audit, Risk, and Compliance teams regarding infrastructure security posture, access reviews, and remediation of audit findings.
• Support cyber resilience and business continuity initiatives, actively participating in security incident response, tabletop exercises, and post-incident forensic reviews.
Vendor, Contract & Budget Management
• Manage relationships with security vendors, MSSPs, and integrators; conduct regular service reviews, track SLAs, and drive continuous service improvements.
• Negotiate contracts and renewals for security tooling; optimize costs and ensure appropriate support coverage.
• Prepare and manage the annual infrastructure security budget (CAPEX/OPEX), tracking spend and reporting forecasts to senior management.
Team Leadership & Stakeholder Engagement
• Lead, mentor, and develop a team of infrastructure security engineers and analysts; define responsibilities, set goals, and build modern security capabilities.
• Act as the primary Information Security point-of-contact for IT Operations and business units; manage escalations and provide clear communication during security incidents.
• Drive continuous improvement initiatives in security automation, Infrastructure-as-Code (IaC) scanning, and overall security posture maturity.
Required Qualifications & Experience
• Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or equivalent.
• 8–12 years of progressive experience in Information Security, with a strong specialization in infrastructure/cloud security and at least 3–5 years in a managerial or team lead capacity.
• Proven experience working in financial services / banking / other regulated environments in the broader APAC region.
Regulatory & Governance
• Working knowledge of Singapore financial sector regulatory expectations (e.g., MAS TRM) and privacy requirements (PDPA).
• Extensive experience facilitating security audits, vulnerability assessments, penetration testing, and implementing sustainable security fixes.
Soft Skills
• Strong leadership, people management, and coaching skills.
• Excellent communication and stakeholder management; able to translate technical cyber risks into clear business language.
• Structured, process-driven, with strong analytical and problem-solving skills.
• Able to operate under pressure, manage multiple priorities, and make sound decisions during time-sensitive security events.
Preferred Qualifications
• Professional security certifications are highly desired: CISSP, CISM, CCSP, or equivalent.
• Cloud-specific security certifications (e.g., AWS Certified Security - Specialty).
• Experience with DevSecOps, security automation, and Infrastructure-as-Code concepts (Terraform, CI/CD pipelines).
• Deep familiarity with industry security frameworks and standards (e.g., ISO 27001, NIST CSF, CIS Controls).
Working hours:
Mon to Fri 9am - 6pm