Cyber Security Manager

Department: Information Technology

Reports To: Director of IT

Location: Southern Singapore

Employment Type: Full-Time

Position Summary

We are seeking a seasoned and strategic Cyber Security Manager to lead our cybersecurity efforts across a nationwide network of clubs. This role will oversee the protection of both application and network infrastructure, ensuring the confidentiality, integrity, and availability of systems and data. Day-to-day security operations are supported by a Managed Security Service Provider (MSSP), and the Cyber Security Manager will be responsible for governance, oversight, and continuous improvement of our security posture. All IT staff are centrally located, but manage IT services across all club locations.

Key Responsibilities

Security Strategy & Governance

• Develop and maintain a cybersecurity strategy tailored to the operational needs of clubs and resorts.
• Establish and enforce security policies, standards, and procedures across all locations.
• Act as the primary liaison between internal IT teams and the MSSP, ensuring alignment with business goals.

Security Operations Oversight

• Oversee daily security operations including threat monitoring, incident response, and vulnerability management in collaboration with the MSSP.
• Review MSSP reports and dashboards to ensure timely resolution of incidents and vulnerabilities.
• Coordinate internal escalation and remediation efforts based on MSSP findings.

Application & Infrastructure Security

• Ensure secure design and deployment of applications used for guest services, reservations, POS systems, and internal operations.
• Oversee network security across club locations, including firewalls, VPNs, and wireless access controls.
• Monitor and enforce security controls for cloud-based and on-premise systems.

Risk Management & Compliance

• Conduct periodic risk assessments and audits across club locations to identify and mitigate security risks.
• Ensure compliance with industry regulations and standards particularly CSA CyberTrust Mark (Perfomer Tier).
• Maintain and test disaster recovery and business continuity plans specific to hospitality operations.
• Coordinate with external vendors to plan and execute regular Vulnerability Assessments and Penetration Testing (VAPT) across all club locations. Review findings, prioritize remediation efforts, and ensure timely resolution of identified risks.

Vendor & MSSP Management

• Manage MSSP performance through SLAs, KPIs, and regular reviews.
• Coordinate MSSP onboarding, scope definition, and service optimization.
• Evaluate and recommend additional security vendors or tools as needed.

Team Leadership & Training

• Lead internal cybersecurity initiatives and mentor IT staff across club locations.
• Conduct regular Cyber Security Awareness briefings for employees, tailored to hospitality operations and data handling practices.
• Propose phishing simulation topics and coordinate with the subscribed vendor platform to execute phishing exercises across the organization.
• Draft and distribute Cyber Security Bulletins via email to all staff, highlighting current threats, best practices, and policy updates.
• Promote a culture of security and compliance throughout the organization.

Incident Response & Reporting

• Maintain and refine the incident response plan in collaboration with the MSSP.
• Lead internal investigations and coordinate with MSSP during major incidents.
• Report incidents and risk posture to senior leadership and regulatory bodies.

Qualifications

Education & Experience

• Bachelor's degree in Cybersecurity, Information Technology, or related field.
• Minimum 4 years of experience in IT security, with at least 1 year in a managerial role.
• Experience managing MSSPs or third-party security vendors, preferably in hospitality or multi-site environments.

Certifications (Preferred)

• CISSP, CISM, CEH, OSCP, or equivalent.

Technical Skills

• Strong understanding of network protocols, firewalls, IDS/IPS, endpoint protection, and SIEM platforms.
• Familiarity with secure SDLC, DevSecOps, and cloud security frameworks.
• Experience with hospitality systems such as PMS, POS, and guest Wi-Fi security.

Soft Skills

• Excellent communication, leadership, and stakeholder management skills.
• Strong analytical and problem-solving abilities.
• Ability to manage multiple priorities across geographically dispersed teams.

Key Performance Indicators (KPIs)

• MSSP SLA adherence and incident resolution metrics.
• Reduction in vulnerabilities and security incidents across club locations.
• Compliance audit results.
• Employee security awareness and training completion rates.
• Phishing simulation participation and improvement metrics.
• Engagement and feedback on Cyber Security Bulletins.
• Completion of the annual Vulnerability Assessment and Penetration Testing (VAPT).