Senior Manager Information Security

Make A Real Difference at PropertyGuru.
Real Aspirations. Real People. Real impact. 

PropertyGuru is Southeast Asia’s leading PropTech company, and the preferred destination for over 41 million property seekers to connect with more than 63,000 agents monthly to find their dream home. PropertyGuru empowers property seekers with more than 3.2 million real estate listings, in-depth insights, and solutions that enable them to make confident property decisions across Singapore, Malaysia, Thailand, Indonesia, and Vietnam. 

PropertyGuru.com.sg was launched in Singapore in 2007 and since then PropertyGuru Group has made the property journey a transparent one for property seekers in Southeast Asia. In the last 15 years, PropertyGuru has grown into a high-growth PropTech company with a robust portfolio of leading property marketplaces across its core markets; award-winning mobile apps; mortgage marketplace, PropertyGuru Finance; and a host of enterprise solutions now under PropertyGuru For Business, including a high-quality developer sales enablement platform, FastKey, DataSense, ValueNet, Awards, events and publications across Asia.

Responsibilities:  

At PropertyGuru Group, we strive to “Build Southeast Asia’s Trust Platform” and security is at the centre of building that trust with our customers, agents, and partners across Singapore, Vietnam, Malaysia, Thailand & India.

Role

The Senior Manager Information Security will be responsible for group-wide information security governance, risk management, compliance, cyber defence, security operations and business continuity management. They will maintain companywide programs for technology governance, risk, compliance and business continuity management, in a manner that meets our compliance and regulatory requirements, and aligns with the business goals and supports the risk posture of the organisation. The role will be responsible for leading the cyber defence & security operations functions to protect the group against cyber threats. You will oversee the implementation of security measures, managing incident response activities, and running security operations to maintain a robust security posture, ensuring that we have the right set of processes and tools to protect PropertyGuru Group & our customers. The right candidate will be responsible for security & privacy awareness and fostering the appropriate mindset and culture.

Responsibilities

As a security leader, you will foster a security-first culture and communicate continuously on security risks, current/future threats and regulatory changes to stakeholders. Serve as a subject matter expert (SME) on technology & AI governance, risk management, compliance, cyber defence, security operations & business continuity for senior business leadership and technology stakeholders. Be aware of current and upcoming regional government/ legal/ regulatory requirements for cybersecurity, data privacy & technology; and advise business leaders with insights, discussions & guidance for timely compliance.

Cybersecurity Program

Drive organisation wide programs for employee training, awareness & communications at all levels for adequate protection for the company. Enhance & implement our information security & risk management frameworks. Contribute to the implementation of security governance standards and procedures in compliance with regulatory and organisational requirements. Contribute to security initiatives and programs to shift security left. Develop & manage security dashboard; track metrics & performance and engage with stakeholders for continuous improvement.

Governance

Develop, implement and maintain a governance program for security, data and artificial intelligence, with the appropriate security standards, frameworks adoption, documentation & assessment, based on ISO/ IEC 27001, ISO/ IEC 27701, PCI DSS, SOC 2, NIST CSF, NIST RMF & NIST PF to ensure compliance with security requirements. Conduct security reviews, audits & assessment to ensure alignment with the group security & privacy policies. Coordinate and govern cybersecurity audits, compliance assessments, maturity assessments, corrective actions and implementation of recommendations. Aligning & collaborating with the Enterprise Risk Management, SOX, Privacy & Legal teams.

Risk Managem ent

Implement and monitor a strategic enterprise information security risk management program. Implement processes for Business Impact Assessments (BIA). Partner with internal BUs to conduct regular risk & threat assessments, risk management, conduct periodic security drills, security gamedays, and discover & document the most impactful risks. Recommend and deploy appropriate mitigation strategies for such identified risks. Partner with business stakeholders across the company to raise awareness of risk management concerns. Risk management for technology, vendors, third parties & software supply chain.

Data Privacy & Protection

Have an in-depth understanding of data privacy regulations & requirements in SE Asia, USA & India. Work closely with stakeholders in Legal, ERM, ESG, marketing & finance teams. Assess the data privacy posture of the organisation, and conduct Data Privacy Impact Assessments (PIA). Advise technology functions on data protection best practices.

Compliance

Lead the cybersecurity compliance program, implement policies and procedures and maintain a centralised repository for compliance-related documentation Ensuring compliance to cybersecurity & privacy regulations in Singapore, Malaysia, Thailand, Vietnam, India, and those of the US SEC. Implementation of recommendations/requirements from external regulators and internal/ external audits.

Technology Business Continuity Management

Managing the review and audit of technology business continuity and disaster recovery plans. Ensure plans adhere to the laid down standards and liaise with the relevant technology owners to conduct regular business continuity & disaster recovery exercises. Support the maintenance of all resilience policies to ensure they are always current and understand the implications of recommended changes. Supporting ongoing review and management of business continuity practices, tools & training.

Cyber Defence

Implement a strategic cybersecurity program to protect the organization from cyber threats, including security management, automation & orchestration, and oversee security measures for the enterprise environment. Drive tabletop exercises for the Board, management, technology teams and other business functions. Collaborate with all departments to integrate security measures into their processes and systems. Ensure the protection of business data & assets with an adequate level of security. Stay up to date with the latest cybersecurity trends and threat intelligence.

Security Operations & Incident Management

Implement a security operations program, with adequate automation. Be the first point of contact in case of a crisis and execute the incident management process. Establish & manage effective security incident management & remediation, lead incident response activities, including investigation and remediation of complex security incidents. Coordinate with relevant internal & external stakeholder for incident management & communication, with the ability to explain complex security concepts to non-technical staff. Advise the technology leadership on incidents & responses to them. Manage the Cyber Incident Response & Crisis Management Plan.

Requirements:

Qualifications

Strong leadership and team management skills, with an in-depth knowledge of cybersecurity regulations, principles and technologies. Excellent problem-solving skills, written and verbal communication skills and high level of personal integrity, combined with the ability to work under pressure. 12-18 years experience in cybersecurity, with a focus on Cyber Defence and GRC, with a minimum of 8 years hands-on experience in a combination of cyber defence, security operations or data protection. Innovative thinking, strong leadership and a collaborative approach, with an ability to lead and motivate cross-functional, interdisciplinary teams, with prior managerial experience in information security. Experience working in a distributed work culture with in-depth knowledge of cloud computing& virtualized environments. Experience with managing outsourced security services, budgets, contracts and vendors will be expected. Experience in leading compliance programs across the organization such as ISO 27001/ ISO 27701, NIST CSF/ RMF/ PMF, SOX, SOC audits & PCI-DSS. Preferably, a Bachelor’s or Master’s degree in cybersecurity, information technology, or a related field.

Knowledge

Deep understanding of cybersecurity threats & remediation, modern security technologies, methodologies, applications, and processes. Security governance, technology risk management, compliance and Internal audit. Program Management, Budget, Contract & Vendor management. Knowledge of regulatory frameworks in USA, SE Asia & India for cybersecurity, data privacy, compliance & reporting. Understanding of digital transformation, mobile and cloud technologies.

Essential Personal Skills

Self-starter who rolls up the sleeves to get things done with minimal supervision. Excellent leadership skills  Must demonstrate integrity, ethical responsibility, maturity, and discretion. Excellent communication abilities both written and verbal at all levels of management, internal stakeholders, vendors, auditors, regulators about our security compliance processes and posture. Experience developing partnerships with business leaders to create and execute multi-year roadmaps. History of evangelising security mindset and culture across the organisation with innovative and out of the box strategies for the program to be effective.

PropertyGuru Group is an equal opportunity employer committed to fostering an inclusive, innovative an learning environment with the best employees. Therefore, we provide employment opportunities without regard to gender, identity, race, religion, nationality, age, marital status, disability, or any other protected status, per applicable law. If there is anything we can do to help ensure you have a comfortable and positive interview experience, please let us know.

---