Director (Cyber Exposure Management

Apply now »

Date: 28 May 2026

Location: Singapore, Singapore

Company: Singtel Group

At Singtel, we believe in the strength of a vibrant, diverse and inclusive workforce where backgrounds, perspectives and life experiences of our people help us innovate and create strong connections with our customers. We strive to ensure all our people practices are non-discriminatory and provide a fair, performance-based work culture that is diverse, inclusive and collaborative. 

 

Join us and experience what it’s like to be with an Employer of Choice*. Together, let’s create a brighter digital future for all. *Awarded at the HR Fest Awards 2020.

 

Make an Impact by:

Strategic leadership:

  • Define and execute enterprise Cyber Exposure Management strategy and roadmap.
  • Establish a risk-based exposure management framework aligned with business objectives.
  • Lead cyber-attack surface reduction initiatives across organization.
  • Drive continuous improvement in cyber posture visibility and exposure reduction capabilities.
  • Develop executive-level cyber risk reporting and metrics.

 

Leadership & Team Management:

  • Build, lead and mentor high-performing team.
  • Manage budgeting, capability development and vendor relationships.
  • Establish operational Key Performance Indicators and performance metrics.
  • Foster collaboration across system owners, business, Regulatory, Data Governance, Risk Management, and broader Cybersecurity team.

 

Executive Reporting & Stakeholder Engagement:

  • Present cyber exposure trends and risk posture to executive leadership and governance committees.
  • Translate technical cyber risks into business impact language.
  • Support board-level cybersecurity reporting.
  • Drive measurable compliance improvement across enterprise.
  • Influence enterprise prioritization of remediation investments.

 

Technology & Platform Oversight:

  • Service ownership and continuous optimization of
    • Vulnerability Management platform.
    • Exposure Management including residual risk management platform.
    • Attack Surface Management platform.
    • Cloud Security Posture Management platform.
    • Vulnerability Disclosure and Bug Bounty platform.
  • Drive automation and orchestration for end-to-end cyber exposure management workflows including but not limited to:
    • Integration with IT Service Management Incident Management.
    • Integration with IT Service Management Configuration Management Database.
    • Integration with Security Incident & Event Management.
    • Integration with Security Orchestration, Automation and Response.
    • Integration with Threat Intelligence platform.
  • Evaluate emerging technologies and exposure management innovations.

 

Cyber Exposure Management Service Portfolio:

  • Establish governance processes for remediation prioritization and Service Level Agreement management.
  • Define policies, standards, and operational procedures for exposure management.
  • Ensure solutions and operating models are aligned with industry best practices and recommendation whilst meeting organization and regulatory requirements.
  • Define, document, communicate and ensure service’s Recovery Time Objective (RTO) and Recovery Point Objective (RPO) are met.
  • Partner with Business Units’ IT asset management and quality assurance team on the completeness of asset visibility and criticality classification.  Establish governance, standard operating procedures & escalation procedures to bridge gaps related to asset visibility, classification and ownership.
  • Support system hardening and compliance verification.
  • Incorporate threat intelligence and mitigating controls into exposure prioritization processes.
  • Drive risk-based remediation strategies focusing on:
    • Exploitability
    • Threat actor profile and activity
    • Business impact
    • Operational criticality
  • Collaborate with Cyber Defence Operations and Incident Response teams on emerging threats and active exploitation.
  • Support regulators’ queries on exposure metrics:
    • Presenting independent and validated up-to-date exposure metrics including residual risks to impacted system owners. 
    • Impacted system owners shall provide associated milestones and timeline responses back to Singtel regulatory team

 

Skills for Success:

  • Degree in Cyber Security, Computer Science, Computer Engineering, Electrical Engineering or other relevant field of study.
  • Professional security management certifications such as Certified Information Systems Security professional (CISSP), specialised SANS certifications, or other similar credentials, is required.
  • Minimum 10 years of practical experience in Cyber Security organisation or equivalent environment with strong experience in Cyber Exposure Management.
  • Minimum 5 years of practical experience on Cyber Exposure Management.
  • Experience in the following:
    • Vulnerability Management.
    • Exposure Management including residual risk.
    • Attack Surface Management.
    • Vulnerability Disclosure & Bug Bounty programme.
  • Ability to build, lead and mentor high performance team.
  • Orchestrate across cross-functional teams, make sound decisions under pressure, and manage expectations.
  • Strong leadership, decision-making, communication, and problem-solving capabilities.
  • Good understanding of cyber security analysis models such as MITRE ATT&CK framework, Cyber Kill Chain and Diamond Model.
  • Good understanding of established cyber exposure management frameworks and best practices.

 

Are you ready to say hello to BIG Possibilities?

 

Take the leap with Singtel to unlock new opportunities and accelerate your growth. Apply now and start your empowering career!