Mid to Senior – Security Governance/Operations

Role 1: Security Governance (Senior Analyst)

Position Objectives: This role is responsible for strengthening The Company's local technology governance and control environment through oversight of IT deviation management, technology issue tracking, and governance document management. It manages the end‑to‑end lifecycle of IT deviations and technology issues within the GRC platform to ensure timely remediation, appropriate risk assessment and compliance with governance requirements. The role also supports technology‑related due diligence activities and ensures local Technology Governance documents remain current, fit‑for‑purpose and aligned with Group standards, contributing to a robust and well‑controlled technology risk framework.

Requirements:

Education:

University degree in one of the following or related disciplines (Computer Science, Computer Engineering, Information Security, Information Systems).

Experience:

• 4–10 years of relevant experience in IT governance, technology risk management, IT audit, cybersecurity, or GRC‑related roles, preferably within financial services, insurance, or consulting/audit firms supporting regulated institutions.
• Hands‑on experience with IT deviation management, issue tracking, or control remediation using GRC platforms.
• Working knowledge of technology governance frameworks, policies and standards, including document lifecycle management.
• Experience supporting audit, regulatory reviews, or due diligence activities, including preparation of evidence and management reporting.
• Exposure to Group vs local governance models and operating within a multi‑entity or regional structure is an advantage.

Role 2: Principal Analyst – Security Operations

Position Overview

The objective of the position is to manage security posture for various on-prem and cloud platforms, including distributing and automating security patching operations, ensuring timely remediation of vulnerabilities and end-of-life (EOL) software risks across all resources. This role will drive continuous improvement of patch management processes, collaborate with cross-functional teams, and ensure the organization maintains a strong and resilient security posture. This position is also responsible for conducting security assessment and prioritization, as well as deviation management analysis in alignment with threat intelligence, compliance requirements, and business risk. In addition, this role will lead and deliver multiple security initiatives, including the management of end to end security projects and the implementation of security automation capabilities across key domains, such as security patching & Identity and Access Management, as well as the adoption and implementation of secure AI and automation technologies to enhance security operations and controls.

Requirements:

Education:

University degree in one of the following or related disciplines (Computer Science, Computer Engineering, Information Security, Information Systems).

Experience:

• 10 years of Tech experience with at least 8 years of experience in cyber security area in a regulated environment (e.g. bank, insurance, fintech, etc.)
• Strong knowledge of cybersecurity vulnerability management & EOL process remediation and automation, patching processes and tooling, cyber monitoring, and AI security.
• Knowledge of various source code management systems & cloud environment (such as Azure, AWS, GCP), including understanding of containers/K8s and micro-services-based architecture.
• Hands-on scripting with python/shell script/other scripting languages, dashboard visualization & API integration with Power BI & Power Automate, and
• Working experience as developers or DevOps or SRE would be an added advantage.
• Ability to drive the problem resolution of complex security issues, with strong analytical mindset based on data-driven approach.
• Experience of the implementation of a variety of security tools and documentation of the process
• Familiarity with MAS TRM guideline or similar regulatory requirements
• Excellent interpersonal and communication skill, with ability to deliver the key message of why, what, and how certain things are needed for remediation with elaboration of the risks, severity and impact.

Certifications/licenses:

• Preferably a holder of one or more of the following information security qualifications: GSOC, CSA, ECSA, CISSP, CEH, or similar.