About this Cybersecurity Manager role at MORROW & MORROW Medical
Location: Singapore
Reports To: Head, Cybersecurity & IT
The Cybersecurity Manager is responsible for leading the organization's cybersecurity strategy, governance, risk management, compliance, and security operations. This role will drive cybersecurity initiatives, strengthen security controls, ensure policy implementation, and improve the overall security posture of the company.
Key Responsibilities
Cybersecurity Governance & Compliance
- Develop, implement, and maintain cybersecurity policies, standards, and procedures.
- Lead compliance initiatives, including ISO 27001, Cyber Essentials/Cyber Trust Mark, SOC 2, and regulatory requirements.
- Conduct security risk assessments and ensure remediation of identified gaps.
Security Operations & Incident Management
- Oversee security monitoring, vulnerability management, and incident response activities.
- Investigate security incidents and coordinate remediation efforts.
- Establish and maintain cybersecurity KPIs, controls, and reporting.
Security Architecture & Risk Management
- Review and improve security controls across infrastructure, cloud, networks, applications, and endpoints.
- Assess cybersecurity risks related to new technologies, systems, and business initiatives.
- Work closely with IT teams to implement security best practices and hardening measures.
Audit & Remediation
- Lead internal and external security audits.
- Track and manage remediation plans for identified vulnerabilities and audit findings.
- Ensure timely closure of cybersecurity gaps and compliance issues.
Security Awareness
- Develop and conduct cybersecurity awareness and training programs.
- Promote a security-first culture across the organization.
Vendor & Third-Party Security
- Perform security assessments of vendors and third-party service providers.
- Ensure cybersecurity requirements are incorporated into vendor management processes.
Requirements
- Bachelor's Degree in Information Security, Computer Science, IT, or related discipline.
- Minimum 8 years of IT and Cybersecurity experience, with at least 3 years in a leadership role.
- Strong knowledge of cybersecurity frameworks, including ISO 27001, NIST, CIS Controls, and Cyber Essentials.
- Experience in vulnerability management, incident response, governance, risk, and compliance (GRC).
- Familiarity with Microsoft 365 Security, Azure, AWS, cloud security, firewalls, EDR/XDR, SIEM, and endpoint protection solutions.
- Professional certifications such as CISSP, CISM, CEH, ISO 27001 Lead Implementer/Auditor, or equivalent are advantageous.
Preferred Attributes
- Strong leadership and stakeholder management skills.
- Excellent communication and report-writing abilities.
- Ability to drive security improvement initiatives and influence organizational change.
- Hands-on approach with strong problem-solving and operational capabilities.