​We are looking for a passionate and professional Deputy Director to join our Security Governance, Risk and Compliance team.

Based in Singapore and reporting to the Chief Business Technology Officer, the incumbent protects the organization's digital assets, sensitive data, and gaming systems while ensuring regulatory compliance, managing audit relationships, embedding a security-first culture across all technology initiatives and provide governance and check-and-balance function over security architecture implementations.

This role collaborates with various departments across Business Technology division, company Risk & Compliance team and Gambling Regulatory Authority.

What You'll Do

  • Information Security Management & Governance: You will define and enforce information security policies, standards, and controls; conduct risk assessments; ensure adherence to security frameworks (ISO 27001, NIST CSF); maintain WLA Level 4 certification compliance.
  • Security Design Review & Validation: You will conduct independent security review of architecture designs and solutions; validate that security principles are properly embedded; ensure security controls are implemented correctly; work with Enterprise Architecture on secure-by-design implementations.
  • Data Protection & Privacy: You will establish data protection and privacy governance aligned with PDPA, GDPR (if applicable), and industry standards; manage data classification, retention, and disposal; support the Data Protection Officer (PDPO) functions.
  • Compliance Management: You will ensure Business Technology division complies with Singapore Pools' regulatory obligations (gaming regulations, anti-money laundering, responsible gaming); maintain compliance with relevant frameworks (ISO 27001, SOC 2, PCI-DSS where applicable); lead compliance audits; track and maintain WLA Level 4 certification.
  • Check & Balance Function: You will provide independent oversight of IT Security Operations; ensure controls are appropriate and effective; audit security practices and configurations; validate that Infrastructure team's security operations meet policy requirements.
  • Risk & Compliance Coordination: You will serve as single point of contact between Business Technology and company-wide Risk & Compliance teams; coordinate risk assessments, compliance reviews, and regulatory reporting.
  • Audit Relationship Management: You will lead all Business Technology -related audit activities (external audits, internal audits, regulator inspections); manage audit responses and remediation tracking.
  • Incident Management & Response: You will lead incident response for security events; ensure proper documentation and regulatory reporting; drive post-incident learning; coordinate with Infrastructure on technical incident response.
  • Business Continuity and Disaster Recovery Compliance: You will partner with Infrastructure team to ensure BCDR plans meet security and compliance requirements.
  • You will build long-term working relationships across departments / sections and promote cross team collaboration.
  • You will oversee the employee management process for the team (e.g. staffing decisions, coaching, development, evaluation).
  • You will manage, coach and mentor the team and support an environment in which all personnel can develop and apply their skills to meet individual and department goals.
  • You will set performance targets and evaluate delivery against targets, counsel staff in career / performance development.
  • You will enforce / ensure corporate and department standards, policies and guidelines within the team.
  • You will work closely with Chief Risk & Compliance (CRC) as Business Technology Business Partner to establish collaboration and partnership between Business Technology and R&C to ensure operational compliance and stability.
  • You will position SPPL as the thought leaders in Information Security, Data Protection, Risk and Compliance.
  • You will create Information Security and Data Protection as competitive advantage.
  • You will represent Business Technology in Technology Committee to drive and build confidence in how SPPL is securing their data and information.


Who You Are

  • You have a Bachelor's degree in Computer Science / Engineering, Information Science or related IT Discipline.
  • You have 10-12 years of proven experience in managing IT Security issues, policies and procedures, with at least 8 years of experience in an enterprise of a size comparable to Singapore Pools.
  • You have proven experience regarding Information Security Management System (ISMS) in compliance with BS7799 / ISO27001 or WLA or other standards.
  • You have strong understanding and keen interest in the latest technological trends and IT Security developments impacting businesses.
  • You have professional certifications such as CISSP, CISM, CISA.
  • You make sound, logical and data-based decisions on complex issues and problems, fully considering the risks involved.
  • You react quickly and make decisions in a fast-paced environment impacting people, process and technology.
  • You possess keen awareness and capabilities to anticipate potential threats across the enterprise.
  • You have extensive experience around information security management and governance.
  • You have knowledge of various security methodologies and processes, and technical security solutions, Security architecture and design review.
  • You have extensive knowledge of:
    • data protection and privacy regulation (PDPA, GDPR)
    • Compliance frameworks (ISO 27001, NIST, SOC 2, PCI-DSS)
    • Gaming and gambling regulations (WLA certification requirements)
    • Risk management and audit experience
    • Incident response and forensics
  • You have strong analytical and documentation skills.
  • You are able to manage influence through persuasion, negotiation and consensus building.
  • You have outstanding communication and interpersonal skills.
  • You are able to look at the big picture and visualize a mid and long-term information security and data protection strategy to support the business.
  • You are able to lead, coach and motivate team.
  • You are a strong relationship builder to develop solid connections with C-level and senior business leaders.


Benefits

  • Competitive salaries
  • Flexi Benefits
  • Staggered working hours
  • Medical Insurance
  • Learning & Development Opportunities

Singapore Pools welcomes you not for how you look, where you come from, or differences you may have. We want you here for who you are. Diversity at the company helps us see a greater picture represented by different voices, helping us in contributing back to the society. So, feel free to express who you are, and be proud of your heritage and personal experience as you begin your journey with us!

Singapore Pools was established by the Government on 23 May 1968 to provide safe and trusted betting to counter illegal gambling. As a not-for-profit organisation, all of Singapore Pools' surplus is channeled to Tote Board to fund a wide range of causes in social service, community development, sports, the arts, education and health. Currently, Singapore Pools contributes about $2 billion annually to the Government in the form of taxes and duties, and for the funding of good causes.

If you are interested, please email to P&C@singaporepools.com.sg. We will reach out to shortlisted candidates for further career conversations.