Digital Treasures Center Pte. Ltd. logo

Head Of Security

Digital Treasures Center Pte. Ltd.

D01 Marina, Raffles Place, People's Park, CecilPermanentS$16,000 – S$23,000/mo

Posted 14 Jul 2026

About this role

1. Security Testing & Programme Leadership Design, plan, and execute full-scope security testing engagements (network, application, cloud, social engineering awareness, physical) against dtcpay's production and pre-production environments. Develop and maintain simulation and testing plans aligned with recognised industry frameworks and regulatory threat intelligence guidance (e.g. MITRE ATT&CK-informed methodology, TIBER-EU, MAS TPRM). Lead collaborative exercises with the Security Operations team and internal defence functions to validate detection and response controls. Manage the end-to-end vulnerability disclosure programme, triaging findings and coordinating remediation timelines with engineering. Maintain the security testing infrastructure and tooling to production-safe standards. 2. People & Team Management Hire, mentor, and retain a high-performing team of Security Testing Specialists, Penetration Testers, and Threat Intelligence Analysts. Define career paths, training budgets, and certification goals (e.g. OSCP, OSED, CRTO, PNPT, GXPN). Foster a culture of continuous learning, responsible disclosure, and professional ethics. Conduct regular skills assessments and rotate team members across specialisations (web, mobile, OT/IoT, cloud). 3. Technology Risk Management & Governance Translate security testing findings into structured risk statements aligned with dtcpay's enterprise risk framework (ISO 31000, NIST RMF). Interface with the GRC team to update the risk register, contribute to board-level risk dashboards, and provide evidence of remediation for auditors. Define and track KPIs / KRIs for the security testing function: mean time to detect (MTTD), mean time to respond (MTTR), and risk-exposure-reduction metrics. Participate in third-party and supply-chain risk assessments for critical technology vendors. Represent the security testing function in change-advisory and architecture review processes. 4. Regulatory Compliance & Privacy Requirements Ensure all security testing activities are conducted within legal and regulatory boundaries across all operating jurisdictions, including obtaining appropriate written authorisations. Advise on security controls required to meet obligations under MAS TRM, PDPA, GDPR, UK GDPR, PDPD, and related frameworks. Collaborate with Legal and the DPO to ensure any personal data encountered during testing is handled, minimised, and destroyed in compliance with applicable data-protection laws. Contribute to regulatory engagement: respond to MAS, ICO, and supervisory authority queries; prepare evidence packs for technology-risk examinations. Track regulatory developments and proactively update engagement rules of engagement and testing policies. 5. Reporting & Stakeholder Communication Produce executive-level and technical reports with clear risk ratings (CVSS, DREAD), business-impact narratives, and prioritised remediation roadmaps. Present findings to the CISO, CTO, and Risk Committee; tailor communication to both technical and non-technical audiences. Maintain a historical findings database to trend residual risk over time and demonstrate programme maturity. What We're Looking For 8+ years of hands-on security testing experience, with at least 3 years in a team leadership or management capacity. Demonstrated expertise in simulation-based security testing and penetration testing across web applications, cloud (AWS/Azure/GCP), mobile (iOS/Android), APIs, and internal networks. Proven experience operating within a regulated financial-services or payment-industry environment. Deep working knowledge of MAS TRM Guidelines, UK GDPR / FCA Operational Resilience, GDPR, and DORA. Proficiency in industry-standard security testing tools and frameworks, including custom tooling development (Python, C#, PowerShell). Familiarity with cloud-native security risks (IAM misconfiguration, SSRF, container escape, serverless exposure). Exceptional written and verbal communication; ability to present technical risk findings to senior executives and board members. Bachelor's degree or higher in Computer Science, Information Security, or equivalent. Preferred Certifications Technical Security Testing: OSCP / OSED / OSWE / OSMR, CRTO / CRTE, GXPN, PNPT, CCT INF / CRT Governance & Risk: CISSP, CISM, CRISC, CDPSE, CIPP/A or CIPP/E Cloud: AWS Security Specialty, Azure Security Engineer, Google PCSE Preferred Experience Experience with TIBER-EU or iCAST (MAS Intelligence-led Cyber Attack Simulation Tes…

What they're looking for

Security AdministrationTechnology Risk ManagementSecurityDefense

About Digital Treasures Center Pte. Ltd.

Industry: Financial & insuranceWebsite ↗

Frequently asked questions

What does a Head Of Security at Digital Treasures Center Pte. Ltd. do?

1. Security Testing & Programme Leadership Design, plan, and execute full-scope security testing engagements (network, application, cloud, social engineering awareness, physical) against dtcpay's production and pre-production environments. Develop and maintain simulation and testing plans aligned wi…

What skills does this Head Of Security role need?

Key skills for this role include Security Administration, Technology Risk Management, Security, Defense.

How much does a Head Of Security at Digital Treasures Center Pte. Ltd. pay?

This role lists a salary of S$16,000 – S$23,000 per month.

Is this Head Of Security role remote, hybrid, or on-site?

The listing is based in D01 Marina, Raffles Place, People's Park, Cecil. Check the posting for remote or hybrid options.

How do I apply for this Head Of Security role?

You can apply directly on Digital Treasures Center Pte. Ltd.'s careers page. ApplyLah can tailor your résumé and cover letter to this exact role in seconds first.