Senior Manager, Client Info Security

NCS is the leading technology services firm that operates across the Asia Pacific region in over 20 cities, providing consulting, digital services, technology solutions, and more. 

We believe in harnessing the power of technology to achieve extraordinary things, creating lasting value and impact for our communities, partners, and people. Our diverse workforce of 12,000 has delivered large-scale, mission-critical, and multi-platform projects for governments and enterprises in Singapore and the APAC region.

We're searching for a Senior Manager, Client Info Security (Applications) to be part of our diverse team of talents here at NCS 

If you believe in going above and beyond, embodying excellence, and bringing people and technology together like never before, we would love to have a conversation with you

What we seek to accomplish together:

Security, privacy, and operational resilience are critical issues facing all organizations today. We are currently looking for qualified and capable security minded individuals to be the driving force managing security governance throughout the lifecycle of client projects.

You will work as the interface between NCS Application and NCS Corporate HQ-wide cybersecurity leadership and the practice, driving organization-wide cyber security strategy, implementation, and in turn, ensuring client and practice requirements are fed back into the continual improvement of relevant strategy, policies, and standards.

Responsibilities include: 

• Drive the implementation of NCS cybersecurity, data protection, and privacy policies, standards, and processes within the practice. You will work to continually improve the security posture of projects through proactive risk management and the establishment of a broad range of cybersecurity controls.
• Provide direct support to colleagues to ensure cybersecurity is addressed throughout the project delivery lifecycle, from application design, application architecture patterns, testing, vulnerability, and security review.
• Act as a single point of contact and escalation for LOB application cybersecurity incidents, ensuring timely identification, remediation and lessons learned.
• Manage the security SLA governance and provide practice-level cybersecurity reporting, metrics and forecasting to leadership.
• Responsible for information security, data protection, privacy, GRC, and audit requests for the practice, acting as single point of contact on relevant client security assessment and audits execution. For example, independent third-party attestations of industry cybersecurity standards and certifications, such as ISO 27001, CIS Controls, NIST for practice-specific solutions and products
• Contribute to the definition of the client specific security baseline. Consult and advise internal and external clients about security topics and support the opportunity management process by providing subject matter expertise and support
• Help win client business by providing cybersecurity assurance to RFIs, RFPs, proposals, contract drafting, security questionnaires, workshops, and other client due diligence processes.

A little about you: 

• Degree/Diploma or higher in Computer Science, Information Systems or equivalent
• At least one industry recognized security certification is, such as Certified Information Security Management (CISM), Certified Information Systems Security Professional (CISSP), CEH, or CASP.
• 5+ years of experience in information security management specifically in application secured design and patterns (Cloud, Serverless, Containers), application and API security testing methodologies e.g. analysis and recommendation of rectifications using VAPT/WAPT/SAST/DAST/SCA, security architecture, infosec risk management, compliance and audits for Web, Mobile, API, and Cloud Native applications

Technical / Professional Skills

• Good working knowledge of security risk management, security governance framework and compliance (IT Security Audit / log review)
• Understanding of information security principles, IM8, PDPA, ISO 27001 controls, Center for Internet Security (CIS) controls, Cloud Controls Matrix (CCM) controls.
• Experience with application security, security technologies and automation tools, e.g., IAM, DevSecOps, CI/CD, IAC, application security, API Security, vulnerability scanners, security technologies (data/application protection & hardening, encryptions).
• Experience carrying out application penetration testing, vulnerabilities scanning, and security assessment, and security incident management with stakeholders.

Non-Technical / Soft Skills

• Senior stakeholder management and working across various parts of the organization
• Team player with good interpersonal, influencing skills
• Strong communication skills, both written and verbal

As Asia's leading technology services firm, NCS as part of the Singtel Group, aims to create sustainable value for all our stakeholders. We aspire to create the extraordinary, to impact millions of people every day, and to create a positive impact on our environment. Our sustainability strategy sets out the key Environmental, Social and Governance (ESG) areas that aim to create the NCS impact for our clients, our people and our future. 

We Grow our People, Value our Clients, and Create our Future.

We want to change the way we live and work for the better, to create new and sustainable business growth, and to foster an inclusive future for all.

You can find out more about our Group's sustainability focus to guide how you can contribute to our objectives at Sustainability Reports. 

About NCS Group

We believe in building a talent-led delivery model to enable our best people to lead, and to support them with the right structure, processes, and tools to ensure that our clients are delivered top quality services. Great work is never done alone, which is why we also believe in fostering a collaborative work environment where people with different expertise and talent can come together.

We're here to make the extraordinary happen.

Find out more at and our LinkedIn career site.

We handle all profiles with the highest level of confidentiality.