hmi medical

Chief Information Security Officer

  • Posted 4 hours ago

Job Description

The Chief Information Security Officer develops and drives the vision for the information security function. He/She acts as the authority for the development and enforcement of organisation security strategy, standards and policies, and has ultimate responsibility for ensuring the protection of corporate information for current and future country expansions. He guides the design and continuous improvement of the IT security architecture and Cyber Risk Maturity Model that balances business needs with security risks. He advises the board and top executives on all security matters and sets directions for complying with regulatory inquiries, legal and compliance regulations, inspections and audits.

He is an expert in cyber security compliance standards, protocols and frameworks, including but not limited to the Cyber Security Act 2018 (Singapore) and Cyber Security Act 2024 (Malaysia). He keeps abreast of cyber-related applications and hardware technologies and services, and is constantly on the lookout for new technologies that may be leveraged to enhance work processes, or which may pose potential threats.

The Chief Information Security Officer is an inspirational and influential leader, who displays sound judgement and decisiveness in ensuring that corporate information is well protected and secured. He is strategic in his approach toward resource management and capability development among his teams.

Formulate information security strategy

  • Establish the organisational cyber security vision, strategy and underlying cyber security initiatives or programmes
  • Align information security and information risk management strategy with business strategy
  • Provide strategic, budgetary and administrative advice for implementation of information security strategy
  • Drive security awareness and education on information security throughout the organisation
  • Advise senior management and key stakeholders on information security matters

Establish security risk management

  • Oversee the development of information security and risk management policies, disaster recovery and business continuity plans
  • Evaluate current information security practices to ensure compliance with IT standards and industry norms
  • Oversee the implementation of appropriate plans to ensure compliance with regulatory, industry and regional mandates
  • Establish and implement cyber security legal risk rules and guidelines in line with industry norms and standards
  • Drive information security and risk management awareness training programmes

Establish security architecture

  • Oversee the design of cyber security architecture and the overall Cyber Risk Maturity Model
  • Establish Key Performance Indicators (KPIs) to assess the effectiveness of the security architecture
  • Facilitate the development of a framework to measure the effectiveness of security programmes
  • Review security architecture to ensure that it addresses technology shifts and threats

Manage cyber security incidents

  • Act as a subject matter expert in cyber security investigations and analysis
  • Drive resolution of large-scale security incidents
  • Lead the development of plans to address system vulnerabilities
  • Advise on responses to regulatory inquiries, inspections or audits
  • Present evidence for legal action arising from cyber security incidents

Manage cyber security risks

  • Oversee the development of cyber security risk assessment frameworks
  • Advise business stakeholders on the different types of cyber risks and incidents along with the cyber security compliance standards
  • Oversee the development and testing of disaster recovery and business continuity plans
  • Drive compliance with international and national information security and privacy regulations
  • Act as the organisation's liaison with external agencies in cyber security risk matters

Qualifications & Experience

  • Bachelor's Degree in Information Security, Computer Science, Information Systems, or related field; professional certifications strongly preferred (e.g., GSLC, GSTRT, CISSP, CISM).
  • Minimum 8–12 years of information security or IT risk management experience, with at least 3–5 years in a senior managerial, security leadership, or team lead role.
  • Demonstrated experience building and governing enterprise-wide cybersecurity programs, spanning people, processes, and technology.
  • Sector-relevant experience in healthcare cybersecurity, including exposure to EMR/EHR security, IoMT/medical device protection, and clinical systems risk management.
  • Strong understanding of regulatory environments across both countries, including Singapore PDPA, Cybersecurity Act, Health Information Bill (HIB), and Malaysia PDPA and Cyber Security Act.
  • Hands-on incident response and crisis management experience, including ransomware preparedness and post-breach recovery planning.

Key Attributes

  • Hands-on, proactive security leader with the ability to drive cybersecurity uplift across clinical, operational, and administrative teams.
  • Strategic thinker with strong analytical and risk assessment acumen, capable of balancing security controls with patient safety, operational continuity, and business priorities.
  • Detail-oriented yet capable of high-level security architecture oversight, governance planning, and long-term cyber resilience strategy.
  • Excellent communication and stakeholder engagement skills, with the ability to influence senior executives, clinical leaders, and technology teams.
  • Resilient, collaborative, and adaptable, able to manage diverse stakeholders and respond effectively under pressure.

Job ID: 145203551