Information Security

Company Introduction

Lexagle is a Singapore-headquartered legal tech company dedicated to

transforming how businesses manage their contracts and legal workflows.

We value innovation, security, and collaboration, ensuring our technology

and operations meet the highest standards of compliance and trust.

Position Overview

We are seeking an experienced and highly motivated Information Security &

IT Asset Manager to lead our organisation's efforts in protecting both

physical and IT assets, managing our security posture and preparing for key

security certifications such as ISO 27001 and SOC 2. This role will oversee

the day-to-day management of IT assets, physical asset security, liaise with

external auditors, coordinate audits and certifications, and continuously

improve our security controls across the company. The ideal candidate is

proactive, detail-oriented, and able to work with stakeholders across the

business.

Responsibilities

 Establish and maintain a comprehensive IT asset inventory (hardware,

software, peripherals, mobile/endpoint devices), including lifecycle

tracking, procurement coordination, disposal, and security controls.

 Oversee physical asset security measures (office access controls,

hardware storage/transportation, secure disposal of devices) and

collaborate with facilities/security teams.

 Develop, implement, and maintain information security policies,

standards, and procedures aligned to ISO 27001 framework and other

relevant standards (e.g., SOC 2).

 Drive the preparation, execution, and monitoring of internal audits,

readiness assessments, and external certification audits (ISO 27001, SOC

2), including coordinating with external auditors, tracking non-

conformances, and corrective actions.

 Conduct periodic risk assessments specific to IT assets and physical

assets; identify vulnerabilities and recommend mitigation strategies.

 Monitor security controls across IT infrastructure (network, endpoints,

access controls, cloud services, physical devices), and collaborate with IT

operations to ensure controls are enforced and maintained. Serve as the primary point of contact for external auditors and

certification bodies; ensure audit logistics, documentation, and

stakeholder readiness.

 Maintain and report on security metrics, audit readiness status, non-

conformity remediation progress, and asset security posture.

 Promote security awareness and training across the company (physical

security hygiene, asset handling, information security best practices).

 Work cross-functionally with IT, Legal/Compliance, HR, Facilities, and

Finance to integrate security and compliance controls into business

operations.

 Support incident response efforts related to asset theft/loss, physical

security breaches, or IT security events; participate in post-incident

review and prevention efforts.

 Stay up to date with information security trends, certification

requirements, audit practices, and regulatory developments; advise

leadership on security improvements.

Basic Qualifications

 Bachelor's degree in Information Technology, Computer Science,

Information Systems, Cybersecurity, or related field (or equivalent

experience).

 Minimum of 3–5 years' experience in IT asset management, information

security, compliance/audit preparation, or related field.

 Strong understanding of ISO/IEC 27001 and audit/certification processes

(preparation, internal audit, external audit).

 Demonstrated experience managing IT assets, securing

hardware/software lifecycles, and applying security controls to physical

and digital assets.

 Excellent stakeholder management and communication skills; ability to

coordinate across departments and liaise with external auditors.

 Good analytical and risk assessment skills; ability to identify

asset/security risks and propose practical mitigation.

 Proficiency in documenting policies and procedures, tracking audit

findings, and managing corrective action workflows.

 Proven ability to work independently and take ownership of security

initiatives.

Preferred Qualifications

 Professional certifications such as CISSP, CISM, CISA, ISO 27001 Lead

Implementer/Auditor.

 Experience with SOC 2 or similar attestation frameworks.

 Prior involvement in obtaining or maintaining ISO 27001 certification or

similar.

 Experience working in a fast-paced or start-up environment. Familiarity with cloud services/infrastructure security, endpoint/mobile

device security.

Job Type: Full-time

Work Location: Hybrid remote in Singapore 369585