Reporting line: CIO and Founder
Location: Singapore (preferred; relocation possible) or Europe
The company operates as a global technology group at the intersection of education, research, and advanced digital infrastructure.
Its core focus is building a next-generation ecosystem that combines:
- AI-driven education platforms
- large-scale digital learning infrastructure
- research and innovation initiatives
- and scalable cloud-based technology solutions
Role overview
The Chief Information Security Officer will establish, lead, and scale a global cybersecurity function across a complex, distributed, multi-entity organization. This role goes far beyond compliance and “checkbox security” and is focused on real-world risk mitigation, resilience, and enabling business growth through pragmatic, well-architected security practices.
The CISO will act as a trusted executive advisor to the CIO, Founder, and Board, translating complex security risks into clear business language, supporting strategic decision-making, and embedding security deeply into product development, infrastructure, and company culture.
This is a highly hands-on and influential role, combining deep technical expertise with strong leadership, communication, and organizational skills.
Key responsibilities
- Define and execute a global cybersecurity strategy and multi-year roadmap aligned with business objectives, product strategy, and growth plans
- Build and own security governance, policies, and operating models across multiple legal entities and geographies
- Lead and scale Security Operations (SOC), threat intelligence, detection, and incident response capabilities, including preparedness for advanced persistent threats (APT) and large-scale incidents
- Design and implement modern security architectures across cloud and hybrid environments (AWS, Azure, GCP, on-prem), including Zero Trust principles and secure network access
- Establish and evolve secure SDLC practices, application security programs, and vulnerability management, including public or private bug bounty initiatives
- Define data classification, identity and access management (IAM), and privileged access frameworks across the organization
- Own business continuity planning (BCP), disaster recovery (DR), crisis management, and large-scale incident response readiness