Head of Information Security, Financial Services

We are seeking an experienced Head of Information Security to lead and mature a Financial Services firm’s global security posture.
This role is accountable for end-to-end information security across governance, risk & compliance (GRC), security operations, engineering, and security architecture, with a strong emphasis on cloud security design and architecture in a predominantly Azure-based environment.
Operating within a lean structure, the successful candidate must be both strategic and hands-on, capable of translating cyber risk into executive language while maintaining deep technical oversight across identity, cloud, endpoint, and network security domains.
Responsibilities:
Security Strategy & Governance (GRC)
Define and execute a multi-year information security roadmap aligned with business growth and regulatory expectations
Establish and maintain governance frameworks aligned to MAS TRM, NIST CSF, ISO 27001 and other applicable regulatory standards
Own the cyber risk register, risk quantification, and reporting to senior management / board
Oversee policy development, standards, and control frameworks
Lead regulatory engagement, audits, and third-party assessments
Oversee third-party cyber risk management
Security Architecture
Own and define the firm’s security architecture strategy, ensuring defence-in-depth across cloud and on-prem environments
Design and govern secure Azure cloud architecture, including:
Secure landing zones
Identity and access architecture (Entra ID, PIM, Conditional Access)
Network segmentation and ingress/egress controls
Secrets management and privileged access
Cloud workload protection and posture management
Architect Zero Trust principles across identity, endpoint, network, and applications
Embed security-by-design into infrastructure and development lifecycles
Evaluate and rationalise security tooling to optimise effectiveness and cost
Security Operations & Engineering
Oversee day-to-day security operations, ensuring effective detection and response capabilities
Manage outsourced SOC/SIEM providers and internal security engineers
Define incident response playbooks and lead major incident management
Oversee vulnerability management and threat intelligence processes
Ensure effectiveness of endpoint protection, EDR/XDR, DLP, IAM/PAM, and monitoring controls
Drive automation and engineering improvements across the security stack
Programme & Transformation Delivery
Lead medium-to-large scale security transformation initiatives (e.g., SIEM migration, PAM rollout, cloud segmentation, DLP deployment)
Manage security budgets, vendor contracts, and service providers
Develop and scale a high-performing security team
Requirements:
12+ years of progressive experience in cybersecurity / information security
Recent years in leadership roles within financial services
Demonstrated experience operating in lean, fast-paced environments
Strong hands-on expertise in cloud security architecture
Strong working knowledge of MAS TRM and financial regulatory expectations
To apply:
If you are interested in applying or finding out more, please share your CV or reach out to Chen Yi at cy@kerryconsulting.com for a discussion. Due to the anticipated high volume of applications, we regret to inform you that only shortlisted candidates will be notified.
Reg: R1876389
License: 16S8060
