Manager, Security Operations

What will your role look like? 

As a Security Operations Manager, you will lead security operations for both our national healthcare platform (e.g., BruHealth) and AWS infrastructure. Your responsibilities will include day-to-day threat monitoring, incident response, vulnerability management, and compliance. You will also play a key role in driving our AI security governance, covering areas such as threat modeling, security testing, and regulatory alignment (e.g., MIB). This is a strategic yet hands-on leadership position.

This role reports to the Head of Security and is based in Brunei Darussalam.

Key responsibilities:

Security Operations (Cloud & Application):

• Lead daily security monitoring and incident response across AWS and application environments.
• Oversee the preparation of weekly and monthly security reports for internal and government stakeholders.
• Coordinate with CSB and internal teams for vulnerability scanning, remediation, and penetration testing.
• Manage security infrastructure, including WAF, IDS/IPS, EDR, and firewalls.
• Collaborate with backend and DevOps teams to implement security best practices within CI/CD and production pipelines.

AI Security & Governance:

• Drive threat modeling, risk assessments, and security reviews for AI systems and LLMs.
• Develop and implement security testing for AI, such as adversarial testing and prompt injection detection.
• Ensure MIB and other regulatory compliance related to AI and healthcare data governance.
• Implement and oversee DLP (Data Loss Prevention) strategies across AI and sensitive data workflows.

Leadership & Collaboration:

• Manage and grow a team of security engineers and analysts.
• Work closely with legal, compliance, engineering, and product teams to uphold security policies and compliance.
• Coordinate with vendors and security consultants for assessments, red teaming, and managed services.
• Maintain clear documentation of incident response procedures, postmortems, and continuous improvements.

Qualifications & Requirements:

• Minimum 5 years of experience in cybersecurity, with at least 2 years in a leadership or managerial role.
• Strong command of AWS security tools and concepts (e.g., IAM, CloudTrail, GuardDuty, Shield, WAF).
• Prior experience securing AI/ML systems, APIs, and data pipelines is highly advantageous.
• Familiar with industry-standard compliance frameworks (e.g., MIB, HIPAA, ISO 27001).
• Solid understanding of DLP technologies, risk management, and vulnerability management.
• Strong leadership, communication, and documentation skills.
• Mandarin-speaking ability is a plus.
  

Travel Requirements: 

Minimal to no travel is required for this role.

What skills do you need?  

Human skills 

• Strong communication and collaboration skills to engage effectively with cross-functional teams, leadership, and external stakeholders. 
• Proactive, self-driven, and able to work independently with minimal supervision.
• Sharp analytical thinking and sound judgment in high-pressure situations.
• Highly organized with excellent prioritization and time management abilities.
• Strong attention to detail, with a structured approach to managing multiple tasks.
• Ethical, adaptable, and committed to maintaining confidentiality and integrity in all security matters.

 Base technical skills 

• Basic understanding of cybersecurity practices such as data protection, access control, and threat detection.
• Able to support or manage security tools like antivirus, firewalls, or monitoring systems.
• Comfortable with using cloud platforms (like AWS) and understanding basic security settings.
• Familiar with handling or supporting security incidents and following response steps.
• Good with using computers, mobile devices, and common IT systems.
• Experience working in the healthcare or health tech sector is a bonus.