Information Security & Compliance Officer

  • Cyber Security
  • Remote job

Job description

Toku’s mission is to help companies engage with their customers efficiently. We have helped companies move all their voice communications to the cloud and recently embarked on creating products that help companies keep engaging with their customers no matter where their employees are working from.

Toku is currently entering scale-up mode. We want to continue creating momentum for our products in the APAC regions and helping customers with their communications needs. As we build the Operations foundation, we are looking for an experienced Information Security & Compliance Officer who can help shape Toku’s Information Security strategy and enhance a security program that identifies and addresses security and privacy risks and security requirements. Want to be part of our journey?


What will you be doing?

You will report to our Head of Operations. Your responsibilities will include performing reviews, assessments, and audits, conducting research, and facilitating communication to internal and external stakeholders where necessary. You will be expected to monitor, coordinate, and implement policies, standards, procedures, controls, and guidelines to support security, compliance, and audit requirements.

If making an impact every day is important to you, and you enjoy tackling new challenges, you will love working at Toku.


What would you be responsible for?

  • Oversee the information security programs, including data protection, risk management, and compliance testing.
  • Improve existing compliance programs and processes.
  • Develop, review, and modify information security and privacy policies.
  • Design and execute audit procedures to assess and measure company compliance with its security policies and procedures.
  • Monitor advancements in information privacy laws to ensure organizational adaptation and compliance.
  • Evaluate security incidents for violations of privacy principles or legal standards.
  • Manage compliance testing and monitoring of current and future regulatory obligations, and other regulatory matters as required.
  • Conduct internal security risk assessments and security compliance audits.
  • Establish IT security audit procedures relevant to PDPA (Singapore), SOC 2, and ISO 27001.
  • Develop materials and tools to effectively communicate compliance and corporate requirements.
  • Develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
  • Collect, analyze, and prepare reports required for senior management, regulators, and other relevant stakeholders.
  • Document, investigate, and report cybersecurity compliance issues and incidents, where necessary.
  • Lead the escalation and resolution of risk and compliance issues with appropriate stakeholders.
  • Develop and maintain a vendor security and compliance program.
  • Assist the sales team in responding to RFPs and security questionnaires; maintain a library of security and compliance RFP responses.



Job requirements

We would love to hear from you if you have:

  • Degree in Computer Science or a technology-related field.
  • 5+ years of IT experience with a focus on security and compliance.
  • Experience with IT governance, risk, and compliance management.
  • Experience coordinating tasks to complete third-party assessments.
  • Experience writing policies, procedures, and controls in one or more standards/frameworks.
  • Knowledge of computer networking concepts and protocols and network security methodologies.
  • Knowledge of risk management processes.
  • Knowledge of cyber threats and vulnerabilities.
  • Experience with Risk Management in both a compliance and security context.
  • The ability to work in a fast-paced environment and the skills to deal with ambiguity.
  • Ability to handle multiple competing priorities.
  • Ability to work well under minimal supervision.
  • A professional information security certification such as CISSP, CISM, or another relevant security-related designation would be an advantage.


What would you get?

  • Flexible working locations
  • Training and Development
  • Discretionary Yearly Bonus & Salary Review
  • Healthcare Coverage based on location
  • 20 days Paid Annual Leave (excluding Bank holidays)

If you are keen to work in a start-up growing at an accelerated speed, and you think you tick most of the requirements, come join us!