Senior Manager Information Security

Make A Real Difference at PropertyGuru.Real

Aspirations.

Real

People.

Real

impact.PropertyGuru is Southeast Asia’s leading PropTech company, and the preferred destination for over 41 million property seekers to connect with more than 63,000 agents monthly to find their dream home. PropertyGuru empowers property seekers with more than 3.2 million real estate listings, in-depth insights, and solutions that enable them to make confident property decisions across Singapore, Malaysia, Thailand, Indonesia, and Vietnam.PropertyGuru.com.sg was launched in Singapore in 2007 and since then PropertyGuru Group has made the property journey a transparent one for property seekers in Southeast Asia. In the last 15 years, PropertyGuru has grown into a high-growth PropTech company with a robust portfolio of leading property marketplaces across its core markets; award-winning mobile apps; mortgage marketplace, PropertyGuru Finance; and a host of enterprise solutions now under PropertyGuru For Business, including a high-quality developer sales enablement platform, FastKey, DataSense, ValueNet, Awards, events and publications across Asia.Responsibilities:

At PropertyGuru Group, we strive to “Build Southeast Asia’s Trust Platform” and security is at the centre of building that trust with our customers, agents, and partners across Singapore, Vietnam, Malaysia, Thailand & India.

RoleThe Senior Manager Information Security will be responsible for group-wide information security governance, risk management, compliance, cyber defence, security operations and business continuity management.They will maintain companywide programs for technology governance, risk, compliance and business continuity management, in a manner that meets our compliance and regulatory requirements, and aligns with the business goals and supports the risk posture of the organisation.The role will be responsible for leading the cyber defence & security operations functions to protect the group against cyber threats.You will oversee the implementation of security measures, managing incident response activities, and running security operations to maintain a robust security posture, ensuring that we have the right set of processes and tools to protect PropertyGuru Group & our customers.The right candidate will be responsible for security & privacy awareness and fostering the appropriate mindset and culture.ResponsibilitiesAs a security leader, you will foster a security-first culture and communicate continuously on security risks, current/future threats and regulatory changes to stakeholders.Serve as a subject matter expert (SME) on technology & AI governance, risk management, compliance, cyber defence, security operations & business continuity for senior business leadership and technology stakeholders.Be aware of current and upcoming regional government/ legal/ regulatory requirements for cybersecurity, data privacy & technology; and advise business leaders with insights, discussions & guidance for timely compliance.Cybersecurity ProgramDrive organisation wide programs for employee training, awareness & communications at all levels for adequate protection for the company.Enhance & implement our information security & risk management frameworks.Contribute to the implementation of security governance standards and procedures in compliance with regulatory and organisational requirements.Contribute to security initiatives and programs to shift security left.Develop & manage security dashboard; track metrics & performance and engage with stakeholders for continuous improvement.GovernanceDevelop, implement and maintain a governance program for security, data and artificial intelligence, with the appropriate security standards, frameworks adoption, documentation & assessment, based on ISO/ IEC 27001, ISO/ IEC 27701, PCI DSS, SOC 2, NIST CSF, NIST RMF & NIST PF to ensure compliance with security requirements.Conduct security reviews, audits & assessment to ensure alignment with the group security & privacy policies.Coordinate and govern cybersecurity audits, compliance assessments, maturity assessments, corrective actions and implementation of recommendations.Aligning & collaborating with the Enterprise Risk Management, SOX, Privacy & Legal teams.Risk Managem

entImplement and monitor a strategic enterprise information security risk management program.Implement processes for Business Impact Assessments (BIA).Partner with internal BUs to conduct regular risk & threat assessments, risk management, conduct periodic security drills, security gamedays, and discover & document the most impactful risks.Recommend and deploy appropriate mitigation strategies for such identified risks.Partner with business stakeholders across the company to raise awareness of risk management concerns.Risk management for technology, vendors, third parties & software supply chain.

Data Privacy & ProtectionHave an in-depth understanding of data privacy regulations & requirements in SE Asia, USA & India.Work closely with stakeholders in Legal, ERM, ESG, marketing & finance teams.Assess the data privacy posture of the organisation, and conduct Data Privacy Impact Assessments (PIA).Advise technology functions on data protection best practices.

ComplianceLead the cybersecurity compliance program, implement policies and procedures and maintain a centralised repository for compliance-related documentationEnsuring compliance to cybersecurity & privacy regulations in Singapore, Malaysia, Thailand, Vietnam, India, and those of the US SEC.Implementation of recommendations/requirements from external regulators and internal/ external audits.

Technology Business Continuity ManagementManaging the review and audit of technology business continuity and disaster recovery plans.Ensure plans adhere to the laid down standards and liaise with the relevant technology owners to conduct regular business continuity & disaster recovery exercises.Support the maintenance of all resilience policies to ensure they are always current and understand the implications of recommended changes.Supporting ongoing review and management of business continuity practices, tools & training.

Cyber DefenceImplement a strategic cybersecurity program to protect the organization from cyber threats, including security management, automation & orchestration, and oversee security measures for the enterprise environment.Drive tabletop exercises for the Board, management, technology teams and other business functions.Collaborate with all departments to integrate security measures into their processes and systems.Ensure the protection of business data & assets with an adequate level of security.Stay up to date with the latest cybersecurity trends and threat intelligence.

Security Operations & Incident ManagementImplement a security operations program, with adequate automation.Be the first point of contact in case of a crisis and execute the incident management process.Establish & manage effective security incident management & remediation, lead incident response activities, including investigation and remediation of complex security incidents.Coordinate with relevant internal & external stakeholder for incident management & communication, with the ability to explain complex security concepts to non-technical staff.Advise the technology leadership on incidents & responses to them.Manage the Cyber Incident Response & Crisis Management Plan.

Requirements:

QualificationsStrong leadership and team management skills, with an in-depth knowledge of cybersecurity regulations, principles and technologies.Excellent problem-solving skills, written and verbal communication skills and high level of personal integrity, combined with the ability to work under pressure.12-18 years experience in cybersecurity, with a focus on Cyber Defence and GRC, with a minimum of 8 years hands-on experience in a combination of cyber defence, security operations or data protection.Innovative thinking, strong leadership and a collaborative approach, with an ability to lead and motivate cross-functional, interdisciplinary teams, with prior managerial experience in information security.Experience working in a distributed work culture with in-depth knowledge of cloud computing& virtualized environments.Experience with managing outsourced security services, budgets, contracts and vendors will be expected.Experience in leading compliance programs across the organization such as ISO 27001/ ISO 27701, NIST CSF/ RMF/ PMF, SOX, SOC audits & PCI-DSS.Preferably, a Bachelor’s or Master’s degree in cybersecurity, information technology, or a related field.

KnowledgeDeep understanding of cybersecurity threats & remediation, modern security technologies, methodologies, applications, and processes.Security governance, technology risk management, compliance and Internal audit.Program Management, Budget, Contract & Vendor management.Knowledge of regulatory frameworks in USA, SE Asia & India for cybersecurity, data privacy, compliance & reporting.Understanding of digital transformation, mobile and cloud technologies.

Essential Personal SkillsSelf-starter who rolls up the sleeves to get things done with minimal supervision.Excellent leadership skillsMust demonstrate integrity, ethical responsibility, maturity, and discretion.Excellent communication abilities both written and verbal at all levels of management, internal stakeholders, vendors, auditors, regulators about our security compliance processes and posture.Experience developing partnerships with business leaders to create and execute multi-year roadmaps.History of evangelising security mindset and culture across the organisation with innovative and out of the box strategies for the program to be effective.PropertyGuru Group is an equal opportunity employer committed to fostering an inclusive, innovative an learning environment with the best employees. Therefore, we provide employment opportunities without regard to gender, identity, race, religion, nationality, age, marital status, disability, or any other protected status, per applicable law. If there is anything we can do to help ensure you have a comfortable and positive interview experience, please let us know.

---