PwC

Information Security Manager - Cyber Risk & Regulatory

Consulting | Singapore - Marina One, Singapore | Onsite | Posted 3 weeks ago

About the role

The Information Security Manager oversees the protection of enterprise data and manufacturing technology assets within a semiconductor foundry environment. This role is responsible for developing security frameworks, managing incident response, and ensuring compliance with global standards like ISO 27001 to safeguard critical intellectual property and production systems.

Key Responsibilities

  • Lead the design and implementation of an enterprise-wide information security strategy and governance framework
  • Oversee the day-to-day operations of the security team including threat monitoring and incident response
  • Conduct regular security audits and vulnerability assessments of both corporate and manufacturing networks
  • Collaborate with IT and engineering teams to ensure security is integrated into the SDLC and fab automation workflows
  • Manage the security awareness program to educate employees on phishing and social engineering threats
  • Develop and maintain the business continuity and disaster recovery plans for critical information systems
  • Evaluate and manage security risks associated with third-party vendors and supply chain partners
  • Prepare and present security posture reports and risk metrics to the senior leadership team
  • Manage the information security budget and oversee the selection of security vendors and tools
  • Lead forensic investigations into security breaches and coordinate remediation efforts

Requirements

  • Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or a related technical field
  • Professional security management certification such as CISSP, CISM, or CISA
  • 7+ years of experience in information security with at least 3 years in a leadership or management role
  • Deep understanding of security frameworks such as ISO/IEC 27001, NIST CSF, and SOC 2
  • Experience securing industrial control systems (ICS) and Manufacturing Execution Systems (MES) in a fab environment
  • Proficiency in managing security operations (SecOps) tools including SIEM, EDR, and DLP
  • Strong knowledge of cloud security (AWS/Azure) and hybrid infrastructure
  • Proven ability to conduct risk assessments and manage remediation efforts across global sites
  • Technical knowledge of network security including firewalls, VPNs, and Zero Trust architectures
  • Experience with identity and access management (IAM) lifecycle and governance
  • Excellent verbal and written communication skills for presenting to executive leadership
  • Demonstrated ability to lead incident response activities and conduct post-mortem analysis