
Ref: 121633 - Associate Director, 3rd Party Risk Mgmt

Date: 09-Nov-2020

Location: Singapore, Singapore

Company: Singtel

Realise your full potential with Asia's leading communications group. While we take pride in our 140-year heritage, our philosophy is to always look forward and evolve. Today, we are a leader in cutting-edge ICT innovation and digital advances, powered by a vast network of offices in countries and territories across Asia Pacific, the Middle East, Europe and the USA. Come be a part of our dynamic organisation as we create the infocomms landscape of the future.



The Singtel Group is Asia's leading communications group providing a diverse range of services including fixed, mobile, data, internet, TV, infocomms technology (ICT) and digital solutions. The successful applicant will be joining Group IT as an Associate Director, Third Party Risk Management based in Singapore. 


Key Responsibilities:

  • Work with GGC Director to support the third-party security risk agenda of the Group CISO 
  • Develop and manage Third Party Risk Management Program incorporating third-party cyber risk management process and cyber security assessment methodologies using industry standards to safeguard Singtel Group information assets against cyber threats and risks.
  • Schedule, supervise and manage the cybersecurity risk assessment on Third Party Service Providers (TPSPs).
  • Perform cyber security assessments on TPSPs to provide Cyber Security Risk Committees (CSRC) oversight on cyber security risks of TPSPs.
  • Communicate identified cybersecurity risks of TPSPs to Business Unit stakeholders and provide the required risk advisory to assist the stakeholders to make the appropriate decision to address the identified risks.
  • Monitor all identified cyber security risks of systems or services (operated or managed by TPSPs) to ensure they are addressed within agreed timelines and update the Business Owners periodically.
  • Provide regular reporting to CSRC on security postures of TPSPs.
  • Review the reports of TPSP assessments carried out by the team members and provide guidance to them to improve team performance.
  • Develop an overseas travel plan for each financial year outlining the schedules, budgets and TPSP locations for cybersecurity risk assessment.
  • Provide assessment findings and risk trends of TPSPs to Policy & Awareness team for sharpening the standards and guidelines.
  • Work with Group Legal, Risk and Procurement to ensure that the TPSP Cybersecurity Risk Management Program remains relevant to each Business Unit.


The ideal candidate should have: 

  • Bachelor's Degree in Computer Science, Computer Engineering, Electrical Engineering or other relevant field of study (candidates without a degree but with relevant experience will also be considered).
  • Minimum 4 years of practical experience in third-party / vendor risk management.   
  • Minimum 8 years of experience as an Information Security Professional
  • Experience working as part of an internal Audit, Governance and Compliance team.   
  • Advanced understanding in the following areas: Platform Security, Data Security, Network Security, Physical Security, Security Assessment Tools, Security Monitoring Tools.   
  • Advanced understanding in the following areas: Security Governance Standards, Business Continuity Planning, Enterprise Risk Management, Computer Security Incident Response, and Security Compliance Audits.  
  • Good analytical and communication skills.
  • Ability to work as a team member and independently with minimal supervision.
  • Exposure to other compliance audits such as PCI-DSS, SSAE, ISO27K, SOX, and other information security frameworks.


If this description is exciting and you feel that you have the necessary skills and experience to make a difference, then please follow the link to apply. For more information on this and other opportunities please refer to our careers portal under


Let’s shape a better world through technology. Join us to lead the change.

Note to Recruitment Agencies

In sourcing for candidates for particular roles, the Singtel Group works only with a panel of selected recruitment agencies expressly engaged under written agreements. Even then, these agencies are only activated from time to time for specific recruitment exercises for particular roles under instructions expressly issued by a member of the Singtel Talent Acquisition team.

Except under such circumstances, no agency shall source or attempt to source any candidates for the Singtel Group. The Singtel Group will not pay nor be obliged or liable to pay any recruitment fees of any kind whatsoever to any agency where candidate CVs are submitted to the Singtel Group by such agency on an unsolicited or speculative basis.

The Singtel Group reserves all rights to directly contact any candidate to which such CVs relate without any obligation or liability whatsoever to the agency concerned (including without limitation any obligation or liability to pay any recruitment fees of any kind).