AVP/VP, Cybersecurity Assurance, Technology Group

GIC is one of the world’s largest sovereign wealth funds. With over 2,000 employees across 11 locations around the world, we invest in more than 40 countries globally across asset classes and businesses. Working at GIC gives you exposure to an extraordinary network of the world’s industry leaders. As a leading global long-term investor, we Work at the Point of Impact for Singapore’s financial future, and the communities we invest in worldwide.

Technology Group
The Technology Group (TG) is a key enabler to keep our business moving forward and is constantly exploiting state-of-the-art information technologies to enhance GIC’s ability to be the leading global long-term investment firm. We aim to provide users with empowering and transformational capabilities, and to create an inclusive, innovative and integrated work environment.

What impact can you make in this role?
The individual will be part of the Cybersecurity Assurance & Defence (CSAD) team and will play a key role in strengthening the firm’s security posture through proactive vulnerability management, adversarial attack simulation planning, and continuous improvement of security baselines. The individual will serve as a control owner, driving threat prioritization, root cause analysis, and cross-team collaboration to remediate and prevent recurrence of vulnerabilities. This role requires strategic thinking, strong analytical capabilities, and the ability to influence stakeholders across technical and business domains.

What will you do in this role? 

• Lead and participate in vulnerability management & threat modelling discussions, ensuring effective prioritization and remediation of identified threats.
• Operate and maintain vulnerability scanning tools (e.g., OSS, SAST, DAST, OS, Secret Scanning etc.), ensuring scans are executed, results are analyzed, and findings are addressed.
• Support the planning, coordination, and management of adversarial attack simulations to validate the firm’s defensive capabilities.
• Evaluate vulnerabilities holistically to identify threat severity and prioritization, acting as a control owner to ensure timely mitigation.
• Understand and manage security baselines, ensuring configuration drifts are detected, assessed, and remediated.
• Manage day-to-day cybersecurity assurance operations, ensuring effective prioritization of tasks and optimal allocation of resources based on risk and impact.
• Analyze vulnerability data to identify patterns, correlations, and root causes, and partner with relevant teams to implement sustainable remediation measures.
• Drive community initiatives to enhance the firm’s overall security posture through active knowledge sharing and best practice recommendations.
• Collaborate with engineering, operations, risk, and business stakeholders to influence security improvements and embed security assurance practices into operational processes.
• Contribute to continuous improvement of cybersecurity assurance standards, frameworks, processes, and reporting.

What qualifications or skills should you possess in this role? 

• Bachelor’s degree in Computer Science, Information Security, or a related field.
• Proven experience in offensive security, cybersecurity assurance, vulnerability management, or threat analysis.
• Strong understanding of adversarial attack simulation methodologies (e.g., red teaming, purple teaming).
• Familiarity with defining security baselines, configuration management, and drift detection tools.
• Proficiency in analyzing and interpreting vulnerability data to drive actionable insights.
• Excellent communication and stakeholder management skills, with the ability to influence and drive change.
• Demonstrated ability to think strategically and connect technical findings to business risks and outcomes.
• Familiar with enterprise security architecture and have knowledge on how security controls address evolving cybersecurity threats.
• Relevant offensive security certifications such as OSCP or equivalent.
• Experience with vulnerability management tools (e.g., OSS, SAST, DAST, OS, CSPM, SSPM) and configuration management platforms.

Work at the Point of Impact
We need to be forward-looking to attract the right people to help us become the Leading Global Long-term Investor. Join our ambitious, agile, and diverse teams - be empowered to push boundaries and pursue innovative ideas, share your views, and be heard. Be anchored on our PRIME Values: Prudence, Respect, Integrity, Merit and Excellence, which guides us in how we make our day-to-day decisions. We strive to inspire. To make an impact.

Flexibility at GIC
At GIC, our offices are vibrant hubs for ideation, professional growth, and interpersonal connection.  At the same time, we believe that flexibility allows us to do our best work and be our best selves.  Thus, our teams come into the office four days per week to harness the benefits of in-person collaboration, but have the flexibility to choose which days they work from home and adjust this arrangement as situational needs arise.

GIC is an equal opportunity employer 
As an employer, we passionately believe every individual brings with them unique diversity of thought and perspectives to meaningfully enrich perspectives of GIC teams to drive competitive performance. An inclusive environment yields exceptional contribution.