Manager, IT Security

About the Job

The Manager, IT Security is responsible for strengthening and maintaining the security posture of the organisation's IT infrastructure, with a strong emphasis on regulatory and compliance obligations. This role ensures that security controls are aligned with Monetary Authority of Singapore (MAS) Technology Risk Management (TRM) Guidelines, MAS Cyber Hygiene Notice, and Bank Negara Malaysia's RMiT (Risk Management in Technology) policy, in addition to best practices. The manager will perform compliance reviews, support audits, produce infrastructure security reports, maintain documentation, and perform periodic firewall rule reviews to safeguard the organisation's systems and data.

• Conduct regular infrastructure security reviews in line with MAS TRM, MAS Cyber Hygiene, and BNM RMiT requirements.
• Ensure infrastructure controls such as system hardening, patch management, logging/monitoring, and privileged access management comply with regulatory expectations.
• Track and drive remediation of compliance gaps.
• Act as the primary subject matter expert (SME) for internal and external audits relating to infrastructure security.
• Prepare and provide audit evidence for regulators, internal audit, and external assurance reviews.
• Ensure timely closure of audit findings and strengthen preventive controls.
• Develop and deliver periodic infrastructure security reports (e.g., compliance dashboards, firewall rule review results, control effectiveness summaries) for management and risk committees.
• Maintain accurate and up-to-date security documentation, including infrastructure security policies, standards, configuration baselines, and audit logs.
• Conduct periodic firewall rule reviews to assess necessity, compliance, and alignment with least privilege principles.
• Ensure firewall configurations comply with MAS/BNM guidelines on secure perimeter defences and network segmentation.
• Partner with network and platform teams to remediate excessive or high-risk rules and strengthen monitoring controls.
• Promote awareness of regulatory security requirements across infrastructure and IT operations teams.

We are looking for people who

• Bachelor's degree in Information Security, Computer Science, or related field.
• 7+ years of IT security experience, with at least 4 years in infrastructure security within financial industries.
• Professional cybersecurity certifications such as CISSP, CISM, CISA, or CCSP are preferred.
• Strong understanding of MAS TRM, MAS Cyber Hygiene, BNM RMiT, and international standards (ISO 27001, CIS benchmarks).
• Hands-on experience with firewall technologies and conducting rule reviews.
• Strong documentation and reporting skills.
• Strong analytical, problem-solving, and stakeholder engagement skills.

How you succeed

• Champion and embody our Core Values in everyday tasks and interactions.
• Demonstrate high level of integrity and accountability.
• Take initiative to drive improvements and embrace change.
• Take accountability of business and regulatory compliance risks, implementing measures to mitigate them effectively.
• Keep abreast with industry trends, regulatory compliance, and emerging threats and technologies to understand and highlight potential concerns/ risks to safeguard our company proactively.

Who we are

Founded in 1908, Great Eastern is a well-established market leader and trusted brand in Singapore and Malaysia. With over S$100 billion in assets and more than 16 million policyholders, including 12.5 million from government schemes, it provides insurance solutions to customers through three successful distribution channels a tied agency force, bancassurance, and financial advisory firm Great Eastern Financial Advisers. The Group also operates in Indonesia and Brunei.

The Great Eastern Life Assurance Company Limited and Great Eastern General Insurance Limited have been assigned the financial strength and counterparty credit ratings of AA- by S&P Global Ratings since 2010, one of the highest among Asian life insurance companies. Great Eastern's asset management subsidiary, Lion Global Investors Limited, is one of the leading asset management companies in Southeast Asia.

Great Eastern is a subsidiary of OCBC, the longest established Singapore bank, formed in 1932. It is the second largest financial services group in Southeast Asia by assets and one of the world's most highly-rated banks, with an Aa1 rating from Moody's and AA- by both Fitch and S&P. Recognised for its financial strength and stability, OCBC is consistently ranked among the World's Top 50 Safest Banks by Global Finance and has been named Best Managed Bank in Singapore by The Asian Banker.

To all recruitment agencies: Great Eastern does not accept unsolicited agency resumes. Please do not forward resumes to our email or our employees. We will not be responsible for any fees related to unsolicited resumes.