JOB DESCRIPTION

You will be an integral member of the SIA Group Information Security team, reporting directly to the Chief Information Security Officer (CISO). In this strategic role, you will support the CISO in developing, implementing, and maintaining a comprehensive Information Security program ensuring Governance, Risk, and Compliance (GRC). You will lead a lean, agile team enhanced with AI and automation to drive meaningful cybersecurity outcomes and elevate the organization’s cyber resilience.

REQUIREMENTS

• Bachelor’s degree in IT, Cybersecurity, or related field
• 10+ years of relevant experience in information security, leading GRC initiatives
• Experience in Governance, Risk, and Compliance activities and CISO-level support
• Proficiency in modern security technologies and practices
• Experience with AI large language models (LLMs) and automation tools
• Proven ability to work across diverse stakeholder groups
• Strong communication, presentation, and stakeholder management skills
• Self-driven, proactive mindset with sense of urgency
• Comfortable in fast-paced environments
• Professional certifications (CISSP, GIAC, or equivalent) preferred
  We thank all candidates for your interest in Singapore Airlines, and regret that only shortlisted candidates will be notified.

Strategy and Planning

• Assist CISO in defining and executing information security strategy and roadmap
• Support enhancement of executive cyber reporting to senior management and board
• Provide strategic insights aligning security initiatives with business goals and threats

Policy Framework Lifecycle Management

• Lead management and improvement of information security policy framework
• Establish robust lifecycle management process for timely reviews and updates
• Engage stakeholders in policy development and review
• Monitor and incorporate regulatory and industry-specific cybersecurity requirements
• Ensure policy alignment across all business units

Group Cyber Resilience Initiatives

• Develop and maintain unified cybersecurity resilience framework
• Drive Group-wide cyber resilience initiatives
• Oversee third-party cybersecurity maturity assessments
• Facilitate cross-functional Group meetings for strategic alignment

Risk Management

• Modernize and oversee Group’s information security risk management framework
• Implement key cyber risk indicators (KRIs) and develop metrics
• Manage third-party cyber risk management framework
• Align security risk initiatives with enterprise risk management (ERM) program

User-Centric Training and Awareness

• Lead development of comprehensive information security awareness program
• Design and execute phishing simulation exercises
• Deliver role-specific training for various business units and leadership levels
• Drive engagement through gamified campaigns and multimedia platforms
• Organize outreach programs to promote strong security culture

Project Governance and Oversight

• Provide governance and support to cybersecurity project owners
• Enforce compliance with corporate policies
• Assist in allocation and monitoring of project budgets
• Conduct control self-assessments

Cybersecurity Maturity Assessment (CSMA)

• Manage CSMA Program across the Group
• Select and manage third-party assessment providers
• Prioritize findings and ensure timely execution of improvement plans
• Oversee preparation of executive reports on CSMA outcomes