Chief Information Security Officer

Roles & Responsibilities

Job Description – Chief Information Security Officer (CISO)

About the Role

We are seeking an experienced Chief Information Security Officer (CISO) with proven expertise in regulated Digital Payment Token (DPT) environments to lead the cybersecurity and data privacy strategy of our client's trading platform. This role will be pivotal in ensuring the resilience, security, and compliance of our operations under the Monetary Authority of Singapore (MAS) requirements, while driving a culture of security-first across the organization.

The CISO will oversee cybersecurity strategy, governance, operations, incident response, and data privacy, ensuring strong alignment with regulatory expectations, business goals, and client trust.

Key Responsibilities

Cybersecurity Leadership & Strategy

• Define and execute the local cybersecurity and data privacy strategy, ensuring alignment with global policies and regulatory requirements.
• Act as the primary security authority for the Singapore entity licensed under the Payment Services Act (PSA) for Digital Payment Tokens (DPT).
• Establish, maintain, and continuously improve the Information Security Management System (ISMS) in compliance with MAS guidelines, ISO 27001, NIST, and other relevant frameworks.

Risk Management & Compliance

• Oversee cyber risk assessments, threat modeling, and vulnerability management.
• Ensure compliance with MAS Technology Risk Management (TRM) Guidelines, Outsourcing Guidelines, and AML/CFT security expectations.
• Liaise with regulators (e.g., MAS) on cybersecurity matters, inspections, and audits.
• Maintain strong knowledge of crypto and fintech regulatory environments, including emerging requirements in Singapore and other jurisdictions.

Security Operations & Incident Response

• Lead Security Operations Center (SOC) activities, threat intelligence, monitoring, and response.
• Develop and maintain incident response playbooks, ensuring rapid detection, containment, and recovery from cyber threats.
• Oversee data protection controls, including encryption, DLP, and access management.
• Drive adoption of secure by design principles across product development and trading platform architecture.

Data Privacy & Protection

• Ensure compliance with the Personal Data Protection Act (PDPA) and global privacy frameworks (e.g., GDPR).
• Oversee data classification, handling, retention, and cross-border data transfer policies.
• Conduct privacy impact assessments (PIAs) and support the business in privacy-by-design initiatives.

Stakeholder Management & Leadership

• Partner with Product, Engineering, Compliance, and Risk teams to balance security with business agility.
• Advise the Board and Executive Leadership on cyber risks, KPIs, and KRIs.
• Build and mentor a local cybersecurity and privacy team, while coordinating with global security teams.
• Promote security awareness training and culture across the organization.

Requirements

• Proven experience as a CISO, Head of Information Security, or equivalent senior cybersecurity leadership role.
• Prior experience working in a regulated Digital Payment Token (DPT) / trading platform under the Payment Services Act (Singapore).
• Deep knowledge of MAS TRM Guidelines, Payment Services Act (PSA), AML/CFT requirements, and data privacy laws (PDPA, GDPR).
• Strong understanding of blockchain, crypto custody, wallets, key management, and trading systems security.
• Hands-on expertise in:
  • Cybersecurity frameworks: ISO 27001, NIST, CIS Controls.
  • Security technologies: SIEM, SOC, IAM, EDR, DLP, encryption.
  • Cloud and container security (AWS, Kubernetes, DevSecOps).
• Strong communication and stakeholder management skills, with the ability to engage regulators, executives, and engineering teams.
• Professional certifications such as CISSP, CISM, CISA, CRISC, CCISO or equivalent.
• Bachelor's degree in Computer Science, Information Security, or related field (Master's degree preferred).

Preferred Attributes

• Experience scaling security programs in fast-paced crypto, fintech, or trading environments.
• Ability to anticipate regulatory trends and proactively prepare compliance strategies.
• Strong leadership skills with the ability to build and grow local cybersecurity teams.
• Strategic thinker with hands-on capability when required.

When you apply, you voluntarily consent to the disclosure, collection and use of your personal data for employment/recruitment and related purposes in accordance with the Tech Aalto Privacy Policy, a copy of which is published at Tech Aalto's website (https://www.techaalto.com/privacy/)

Confidentiality is assured, and only shortlisted candidates will be notified for interviews.

Tech Aalto Pte Ltd | 24S2130 EA

Pushpanjli Kir | R1657306.

Tell employers what skills you have

Information Security
Leadership
Security Operations
Vulnerability Management
Outsourcing
Blockchain
Risk Management
Strategy
Compliance
Audits
CISA
Information Security Management
Regulatory Requirements
Stakeholder Management
Security Awareness
CISSP

---