We are seeking a pragmatic and hands-on Chief Information Security Officer (CISO) to lead and mature the organisation's cybersecurity capabilities across the region.
This role is responsible for defining and executing the company's information security strategy, strengthening governance frameworks, improving operational resilience, and elevating overall cybersecurity maturity.
The successful candidate must be comfortable operating in a lean structure, combining strategic leadership with hands-on technical oversight and execution.
Responsibilities
Security Strategy & Maturity Uplift
- Develop and execute a multi-year cybersecurity roadmap aligned with business objectives
- Assess current security maturity and define a structured uplift programme
- Establish measurable KPIs and risk indicators to track progress
- Embed security awareness and accountability across the organisation
- Report regularly to senior management on risk posture and improvement initiatives
Governance, Risk & Compliance (GRC)
- Establish and formalise security policies, standards, and procedures
- Implement or enhance frameworks aligned with ISO 27001, NIST CSF, CIS Controls (as applicable)
- Oversee regulatory compliance (e.g. PDPA, regional data regulations, client security requirements)
- Own the cyber risk register and risk remediation roadmap
- Lead internal and external audits
Security Architecture & Engineering
- Define and maintain secure architecture across cloud and on-prem environments
- Ensure appropriate controls across identity, endpoint, network, and data protection
- Embed security-by-design principles into infrastructure and application development
- Rationalise and optimise security tools for cost-effectiveness and performance
- Evaluate emerging technologies and ensure scalability for regional growth
Security Operations & Incident Management
- Oversee day-to-day security operations, including monitoring, vulnerability management, and incident response
- Define and test incident response plans and business continuity coordination
- Manage third-party security vendors and service providers
- Ensure appropriate SLAs and operational effectiveness
Team Leadership & Capability Building
- Lead and mentor a small security team
- Build internal capabilities while balancing outsourced support
- Foster a strong security culture across business and technology teams
- Support hiring and succession planning as the function scales
Requirements:
- 10-15 years of progressive cybersecurity experience
- Prior experience leading or building a security function within an SME or regional organisation
- Demonstrated experience uplifting cybersecurity maturity
- Strong exposure across GRC, operations, and security architecture
To apply:
If you're interested in applying or finding out more, please send your CV or reach out to Chen Yi at [Confidential Information] for a discussion. Due to the anticipated high volume of applications, we regret that only shortlisted candidates will be notified.
Reg: R1876389
Lic: 16S8060