Vice President, Security Governance

Key Responsibilities

• Develop, maintain, and enhance comprehensive security governance standards, policies, procedures, and guidelines aligned with corporate policies, regulatory mandates, and industry-leading frameworks.
• Partner with business units and IT teams to assess, refine, and standardize cyber risk and information security management processes to ensure consistency and operational excellence.
• Lead security audits, assurance activities, and regulatory engagements; manage responses to audit findings and regulatory inquiries with thorough documentation and knowledge management.
• Act as a trusted advisor and consultant to stakeholders on security governance matters, ensuring IT projects and initiatives incorporate appropriate risk mitigation and compliance controls.
• Identify process gaps and inefficiencies within IT and IS frameworks; recommend and implement pragmatic improvements to enhance security posture and risk management.
• Communicate effectively across the organization to raise awareness of security governance policies, standards, and changes, fostering a culture of compliance and security mindfulness.
• Stay abreast of evolving cyber threats, regulatory changes, and industry trends to proactively update governance practices and risk management strategies.
• Execute other related duties as assigned, contributing to the overall security strategy and objectives of the organization. 

Job Requirements

• Bachelor’s degree in Information Technology, Cybersecurity, or a related field.
• Minimum 15 years of professional experience with at least 7 years focused on cyber risk management and information security governance.
• Deep expertise in risk management frameworks, IT governance, cybersecurity standards, and compliance requirements across multiple jurisdictions (e.g., Singapore, Malaysia, India).
• Proven experience managing audits and regulatory compliance in technology, cybersecurity, and information security domains.
• Strong knowledge across diverse IT and security domains such as Identity and Access Management (IAM), Cryptographic Key Management, Third-Party Risk Management, and IT Infrastructure Operations.
• Exceptional interpersonal, analytical, and written communication skills with the ability to influence and engage stakeholders at all levels.
• Demonstrated problem-solving skills and ability to work effectively under pressure and tight deadlines.
• Self-motivated, meticulous, and a proactive team player with a positive attitude and strong sense of responsibility.
• Ability to manage multiple priorities in a fast-paced, evolving environment.
• Relevant professional certifications (e.g., CISSP, CISM, CISA, CGEIT) and CRI (https://cyberriskinstitute.org/) are highly desirable.