Technology keeps critical social services running for individuals and families across Singapore. We're looking for someone to own the operational backbone of three core enterprise systems, keeping them reliable, secure, and compliant. This is a hybrid role spanning product operations and product management What you'll do: Own the end-to-end security patch and vulnerability management cycle across all three systems — tracking patch timelines, coordinating with vendors, and keeping to the regular vulnerability assessment and host configuration review schedules. Manage production support across HCIS, RPG-ECRM, and ESMS — triaging tickets, driving resolution, maintaining tracking records, and escalating high-impact issues appropriately. Run the full compliance review calendar, covering monthly cloud tenant reviews, user access reviews, privileged account reviews, and annual risk register, script, and role access reviews, among others. Manage vendor relationships on security and technical matters — facilitating discussions, negotiating timelines, reviewing proposed resources, and tracking all commitments through to resolution. Handle contract and resource tracking under our managed services contracts, including certificate renewals, utilisation records, and inventory management. Support the Senior Product Manager on product activities: grooming the backlog, tracking roadmap milestones, coordinating UAT, and preparing release notes and stakeholder communications. Running structured, disciplined operations across a complex, multi-system environment. Maintaining accurate records, flagging risks early, and keeping the Senior Product Manager informed without needing to be chased. Organising and facilitating monthly meetings, following through on action items, and holding vendors accountable to their commitments. Translating what you see in support tickets and stakeholder interactions into clear, actionable inputs for the backlog, and helping the team stay on top of delivery milestones. Who we're looking for: A proactive, organised IT professional who takes ownership of their work and communicates issues clearly and promptly. 3 to 6 years of experience in IT operations, systems management, or a related field (a rough guide, not a hard requirement). Hands-on experience with security compliance and governance — patch management, access reviews, and audit support in an enterprise environment. Comfortable managing multiple workstreams at once without dropping the ball on any of them. Experience engaging directly with application and infrastructure vendors on technical or security matters, and the confidence to hold them to account. A clear communicator in writing and in person, with sound judgement on when to escalate and when to resolve independently. Familiarity with enterprise middleware, cloud platforms such as the Government Commercial Cloud (GCC), and IT audit processes is a strong advantage. Prior exposure to product management practices — backlog management, roadmap tracking, UAT coordination — would set you apart. Experience with government IT systems or public sector compliance requirements is a plus.