Information Security Manager

Information Security Manager - Cyber Risk & Regulatory

Singapore FULL TIME Remote Friendly

The Brief

“Information Security Manager - Cyber Risk & Regulatory at Information Security Manager. Skills: Cyber Risk, Regulatory Compliance, GRC, cyber risk assessments, control reviews, MAS, CSA, cybersecurity regulatory frameworks, residual risk, communication skills. managing internal cyber risk from a regulatory and GRC perspective. assess cyber risks”

What You'll Achieve.

support informed decision-making around residual risk; helping leadership understand whether identified risks are acceptable and aligned with the firm’s risk appetite; Support regulatory readiness; support compliance with the Information Security Policy; support leadership decision-making; support risk-based conversations; enable effective information security activities and processes in line with the cyber readiness program

Industry & Context.

Problems you'll solve

find solutions to reduce security risk; build process efficiency

Eligibility Requirements

Travel Requirements: Up to 20%, Available for Work Visa Sponsorship? No, Government Clearance Required? No

What They're Looking For.

Must Have

background in Cyber Risk, Regulatory Compliance, and GRC, Hands-on experience performing cyber risk assessments and control reviews, Familiarity with MAS, CSA, and related cybersecurity regulatory frameworks, Experience working with or alongside centralized security functions (e.g. NIS / CISO teams), Ability to assess, articulate, and challenge residual risk in a structured and pragmatic manner, communication skills with the ability to engage both technical and non-technical stakeholders

Nice to Have

CRISC certification, Additional certifications such as CISSP, CISA

What You'll Do.

managing internal cyber risk from a regulatory and GRC perspective

evaluate control effectiveness

support informed decision-making around residual risk

act as a key bridge between regulatory expectations (e.g. MAS, CSA), global cyber controls, and local firm risk posture

helping leadership understand whether identified risks are acceptable and aligned with the firm’s risk appetite

Assess cyber risks and control effectiveness across the firm from a regulatory perspective, with primary focus on MAS, CSA, and other relevant regulatory frameworks

Conduct cyber risk assessments, including inherent and residual risk evaluation, aligned to regulatory expectations and industry best practices

Support regulatory readiness by interpreting regulatory requirements and mapping them to global and local cyber controls

Review and challenge the design and operating effectiveness of controls, leveraging existing frameworks and global NIS standards

Work closely with NIS teams (local, regional, and global) to understand existing controls and identify gaps or areas of enhancement

Evaluate residual risk and engage with partners and senior stakeholders to have practical discussions around risk acceptance and risk treatment decisions

Work with Global NIS to analyse the cyber threat landscape to identify emerging risks and potential impact to the firm

Translate technical cyber risks into business-relevant risk statements to support leadership decision-making

Maintain an understanding of cyber risk domains, including operational and technology-driven risks

Provide guidance on control improvements aligned to regulatory expectations and firm-wide cyber strategy

Engage with partners and senior stakeholders to discuss risk posture and regulatory implications

Act as a trusted advisor who can confidently support risk-based conversations, balancing regulatory expectations with business realities

Collaborate across Lines of Service and global teams in a matrixed environment

How You'll Work.

Team & Collaboration

partners closely with the Network Information Security (NIS) teams and business stakeholders; Work with senior stakeholders and technology teams; Work closely with NIS teams (local, regional, and global); Work with Global NIS; Partner with technical teams; Engage with partners and senior stakeholders; Collaborate across Lines of Service and global teams in a matrixed environment

Communication Scope

communication skills with the ability to engage both technical and non-technical stakeholders; Ability to leverage business communication skills to inform, persuade, and teach stakeholders across a global network of member firms’ staff and leadership to enable effective information security activities and processes in line with the cyber readiness program

Process & Methodology

prioritize tasks, manage and mitigate risks, ensure timely closure

Full Job Description

**Line of Service** Internal Firm Services

**Industry/Sector** Not Applicable

**Specialism** IFS - Risk & Quality (R&Q)

**Management Level** Manager

**Job Description & Summary** This role sits within the CISO / Cyber Risk & Compliance function and focuses on managing internal cyber risk from a regulatory and GRC perspective. The role partners closely with the Network Information Security (NIS) teams and business stakeholders to assess cyber risks, evaluate control effectiveness, and support informed decision-making around residual risk. You will act as a key bridge between regulatory expectations (e.g. MAS, CSA), global cyber controls, and local firm risk posture, helping leadership understand whether identified risks are acceptable and aligned with the firm’s risk appetite.

**Key Responsibilities**

Cyber Risk & Regulatory Oversight:

  · Assess cyber risks and control effectiveness across the firm from a regulatory perspective, with primary focus on MAS, CSA, and other relevant regulatory frameworks.
  · Conduct cyber risk assessments, including inherent and residual risk evaluation, aligned to regulatory expectations and industry best practices.
  · Support regulatory readiness by interpreting regulatory requirements and mapping them to global and local cyber controls.
  · Ability to lead and manage a team effectively. The ideal candidate should be proactive, dynamic, and self-driven, with the capability to handle challenging situations, prioritize tasks, manage and mitigate risks, and ensure timely closure.
  · Work with senior stakeholders and technology teams to support compliance with the Information Security Policy by leveraging your cyber security knowledge and expertise.

Risk & Control Assessment:

  · Review and challenge the design and operating effectiveness of controls, leveraging existing frameworks and global NIS standards.
  · Work closely with NIS teams (local, regional, and global) to understand existing controls and identify gaps or areas of enhancement.
  · Evalua
