The Information Security Manager reports to the SVP of Infrastructure. This role will support the implementation of Toku’s security strategy. He/she ensures that Toku’s systems and networks meet the company’s security requirements and are periodically updated to address any security vulnerabilities. He/she responds to events and assesses whether these are security incidents and the severity levels of security incidents.

• Designing, driving and implementing a security strategy that supports the corporate objectives and Toku’s overall growth while efficiently securing Toku’s data and critical assets.
• Providing challenge and assessment of potential technology risks including information and cyber security control weaknesses.
• Introducing security best practices, and providing sound recommendations as well as strategic directions to increase the effectiveness of Toku’s organization and offering.
• Managing security projects and providing guidance on security matters for other projects.

• Assisting and guiding the disaster recovery planning team in the selection of recovery strategies and the development, testing and maintenance of disaster recovery plans.
• Ensuring audit trails, system logs and other monitoring data sources are reviewed periodically and are in compliance with policies and audit requirements.
• Designing, coordinating and overseeing security testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks.
• Working as a liaison with vendors and the legal and procurement departments to establish mutually acceptable contracts and service-level agreements.
• Helping various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.

• Serving as an active and consistent participant in the information security governance process.

We would love to hear from you if you have:

• Degree in Computer Science or a technology-related field
• Possess at least 5 years of relevant work experience.
• Professional information security certification such as CISSP, CISA, CISM, GCIH, etc.
• Proven experience in information security and security operations.
• Solid knowledge of various information security technologies including browser isolation, VPN, DDOS mitigation technologies, firewall, and intrusion detection/prevention systems, endpoint security, cloud security, etc.
• Coordinate the continuous development, implementation and updating of security and privacy policies, standards, guidelines, baselines, processes, and procedures in compliance with Singapore regulations and standards.
• Identify acceptable levels of residual risk and assist with action plans, policy, and procedural changes for risk mitigation.
• Outstanding organizational, analytical, and troubleshooting skills
• Excellent written and oral business communication skills, and ability to educate a non-technical audience about various security measures.
• Knowledge and experience with networking concepts, protocols, and services.
• Knowledge and experience in setup, maintenance, and security of Windows and Linux operating systems.
• Experience in ISO27001, SOC2, and CSA STAR certifications preferred

What would you get?

• Hybrid working arrangements
• Training and Development
• Discretionary Yearly Bonus & Salary Review
• Healthcare Coverage based on location
• 20 days Paid Annual Leave (excluding Bank holidays)

If you would love to experience working in a start-up growing at an accelerated speed, and you think you tick most of the requirements, come join us!