Information Security Governance Manager (SG)

About Crypto.com

Crypto.com was founded in 2016 on a simple belief: it's a basic human right for everyone to control their money, data and identity. With over 10 million users on its platform today, Crypto.com provides a powerful alternative to traditional financial services, turning its vision of "cryptocurrency in every wallet" into reality, one customer at a time. Crypto.com is built on a solid foundation of security, privacy and compliance and is the first cryptocurrency company in the world to have ISO/IEC 27001:2013, ISO/IEC 27701:2019, and PCI: DSS Level 1 Service Provider compliance, as well as NIST CSF & PF Tier 4 maturity SOC2 and more. Crypto.com is headquartered in Singapore with a 3000+ strong team.

For more information, please visit www.crypto.com.

Position Summary

As our Information Security Governance Manager, you will be leading and growing the APAC Information Security Governance (ISG) team based in Singapore responsible for ensuring the firm’s information security governance, risk, and compliance are enforced and managed systematically, and monitoring key trends and emerging risks that could potentially affect the firm’s overall security and privacy posture. The ISG team operates in a fast-paced and dynamic environment and utilizes the best industry frameworks to effectively identify, evaluate, monitor and manage the firm’s technology and information security governance, risk and compliance issues in support of the firm’s growth and strategic plan.

Responsibilities

● Manage the delivery of global security governance and compliance strategies

● Manage and maintain a security compliance framework across global entities that can align with the company’s compliance and Internal audits requirements

● Develop, manage and maintain effective information security policies, processes, standards and procedures.

● Lead and support ISO 27001, PCI-DSS, SOC 2 Type 1/2 and other security compliance projects

● Develop maturity model and track of information security controls

● Internal first point of contact for general security enquiries. Proactively approach and support internal stakeholders across global entities

● Establish and maintain global security governance and compliance process

● Respond to security questionnaire from internal/external security audit and organize/document the common answers and approaches for future audits

● Facilitate security risk management within the business units

● Establish and maintain information risk metrics to highlight information assets that have the highest risk exposure. Conduct regular review of remediation actions and report to business and technology senior management

Requirements

● Bachelor's degree or higher in information technology, cyber security or related field

● 5+ years of experience in a security governance role, with 2+ years of experience in a

managerial role

● Strong leadership and excellent communication skills

● Understanding of Information Risk, security control, data privacy related regulations (e.g. CCPA, SG PDPA, EU GDPR) within the financial services and banking industry

● Strong knowledge and practical working experiences in delivering global projects of international data privacy and information security frameworks including NIST Cybersecurity & Privacy Framework, ISO 27001, ISO 27701, CIS, SOC 2 Type 1/2 Report, PCI-DSS, ISAE 3000, ITIL, and COBIT as well as experience in IPO and M&A

● Demonstrable work experience delivering effective business and technical security solutions, processes, tools, and high performing teams

● Good working knowledge of the latest information technology security trends and emerging threats is essential

● Experience in implementing risk management principles and methodologies within a security or technology function

● Good project management experience and skills

● Strong analytical and problem-solving skills are must-have

● Having one of the below security or privacy qualification is a plus - CRISC, CISSP, CCSP, CISM, CISA, ISO 27001 Lead Auditor, IAPP CIPP / CIPM, OSCP, SANS

● An understanding of cloud infrastructure technologies and associated risks would be beneficial

Benefits

• Attractive compensation package with fringe benefits
• Opportunity to work in the innovative and ever-growing Fintech industry
• Exposure to corporate governance practice of various jurisdictions across the world
• Huge responsibilities from Day 1. Be the owner of your own learning curve. The possibilities are limitless and depend on you.
• You will work in a very dynamic environment and be part of an international team.