Assistant Information Security Manager

About FWD Group

FWD Group is a pan-Asian life and health insurance business that serves approximately 30 million customers across 10 markets, including BRI Life in Indonesia. FWD’s customer-led and tech-enabled approach aims to deliver innovative propositions, easy-to-understand products and a simpler insurance experience. Established in 2013, the company operates in some of the fastest-growing insurance markets in the world with a vision of changing the way people feel about insurance. FWD Group is listed on the Main Board of The Stock Exchange of Hong Kong Limited under the stock code 1828.

For more information, please visit www.fwd.com

In Singapore, FWD aims to change the way people feel about insurance by leveraging technology to deliver products and services that are relevant, easy to understand and always convenient for our customers. To this end, we have a direct-to-consumer (DTC) platform that allows customers to buy their preferred life and general insurance products directly from our website; as well as a network of preferred Financial Advisory (FA) firms for customers who want to speak with an advisor before committing to an insurance plan. Whatever their preference, we believe insurance should be simple, reliable and convenient.

If you are looking for a career where you can create a real impact and celebrate living, we invite you to join us on our exciting journey.

PURPOSE

This role is part of FWD Singapore Information Security team, reporting to the local Business Information Security Officer. It involves working with the FWD Group Information Security Team and local Singapore stakeholders to identify, manage information security risks, strengthen information security controls and compliance in FWD Singapore.  

KEY ACCOUNTABILITIES

• Collaborate with various teams to ensure information security tools and monitoring systems comply with internal security policies and external regulatory requirements.
• Review and analyze periodic vulnerability scan reports; coordinate with relevant stakeholders to ensure timely remediation of identified risks. Monitor the deployment status of security patches, updates, document and manage exceptions across systems.
• Assess system hardening configurations and work with stakeholders to address gaps. Track compliance, document and manage exceptions.
• Collaborate with various teams to review user access for IT systems.
• Interpret data from information security tools and follow up with responsible teams to ensure appropriate remediation actions are taken.
• Ensure the accuracy and completeness of security metrics by collaborating with internal teams and stakeholders.
• Support and coordinate with the Group Information Security Team on strategic initiatives and ongoing security projects, new tool implementation, security assessments, and audits.
• Partner with business functions to promote cybersecurity awareness and deliver training programs to enhance employee understanding of security best practices.
• Perform other Information Security-related tasks and responsibilities as assigned.

QUALIFICATIONS / EXPERIENCE

• Diploma or Degree in IT, Computer Science, Cybersecurity or equivalent
• At least 5 years experience in information security or related fields.
• Relevant certifications (e.g. CISSP, CISM, CEH) or strong desire to obtain those certifications are advantageous.

KNOWLEDGE, SKILLS & ABILITY

• Strong analytical skills, attention to detail, and problem-solving abilities.
• Good understanding and hands-on exposure with different information security domains, especially governance, risk and compliance.
• Experience and knowledge of risk management process, identity and access management, gap assessment and audit, security vulnerabilities, system hardening, and cloud security.
• Sound knowledge of Information Security management frameworks and guidelines such as ISO 27001, NIST, PCI-DSS, CIS baselines & best practices.