AVP/VP, Insider Threat, Cyber Security Assurance & Defense, Technology Group

Location:  Singapore, SG

Job Function:  Technology Group
Job Type:  Permanent
Req ID:  17055

GIC is one of the world’s largest sovereign wealth funds. With over 2,000 employees across 12 locations around the world, we invest in more than 40 countries globally across asset classes and businesses. Working at GIC gives you exposure to an extraordinary network of the world’s industry leaders. As a leading global long-term investor, we Work at the Point of Impact for Singapore’s financial future, and the communities we invest in worldwide.

 

Technology Group
We experiment, design, and lead a 24×7 global business where we support core capabilities in asset management, trading, investment operations, and risk management. We deliver secure, reliable, and integrated solutions, and provide insights on new and emerging technologies.

 

Infrastructure & Cybersecurity Resilience (ICR)

We design, build, and secure the technology foundations that power GIC’s global investment operations. We aim to deliver resilient, scalable, and secure infrastructure that empowers our people and businesses to perform securely, efficiently, and effectively.

 

You will be part of an independent function that protects the firm’s information technology and digital assets, including business data, from external threats, manages operational risks, and facilitates the firm’s digitalization journey in a secure manner.

 

What impact can you make in this role?

You will play a critical role in safeguarding GIC’s information assets and reputation. You will lead efforts to detect, investigate, and mitigate insider threats—whether malicious or unintentional—while strengthening the organization’s overall cybersecurity posture. Your work will directly influence GIC’s ability to prevent data breaches, financial losses, and reputational harm, and to foster a culture of security awareness and accountability across the enterprise.

 

You will collaborate closely with cross-functional teams including Security Operations, Digital Forensics, HR, Legal, and Compliance to ensure a coordinated and effective response to insider threat incidents. By continuously refining detection capabilities, investigation processes, and response strategies, you will help shape the evolution of GIC’s insider threat program.

 

What will you do as a VP, Insider Threat?

Program Management & Policy Enforcement

  • Administer and enhance information protection policies, standards, and procedures to safeguard GIC’s technologies, data, and services.
  • Partner with stakeholders to ensure alignment between insider threat controls and organizational risk management objectives.

 

Threat Detection & Response

  • Monitor and respond to alerts generated by data loss prevention (DLP), endpoint detection and response (EDR), and other insider threat detection systems.
  • Analyze system, application, and network logs to identify anomalous behaviors and potential insider threats.
  • Proactively search for Indicators of Compromise (IOCs) and "living off the land" techniques that bypass automated detection.
  • Lead or support incident response activities, ensuring timely containment, investigation, and remediation of insider-related incidents.
  • Provide actionable recommendations to infrastructure teams to harden environments and prevent re-entry.

 

Investigation & Forensics

  • Conduct in-depth host-based forensic investigations across Windows and Linux environments, including memory (RAM) analysis, filesystem auditing, and registry examination. Utilize digital forensics tools and methodologies to collect, preserve, and analyze evidence, ensuring accuracy, integrity, and chain of custody throughout the investigation process.
  • Analyze and correlate data from multiple sources (e.g., DLP, SIEM, EDR, NTA) to reconstruct attacker timelines.
  • Prepare detailed investigation reports and present findings to senior management or relevant stakeholders.

 

Collaboration & Stakeholder Engagement

  • Work closely with HR, Legal, Compliance, and business units to ensure investigations are handled with fairness, discretion, and consistency.
  • Contribute to awareness and training initiatives to strengthen the organization’s insider threat resilience.

 

Continuous Improvement & Research

  • Stay abreast of emerging insider threat tactics, industry trends, and regulatory developments.
  • Recommend and implement enhancements to detection technologies, analytics, and response processes.
  • Foster a culture of collaboration, vigilance, and continuous learning within the cybersecurity team.

 

What qualifications or skills should you possess in this role?

  • Bachelor’s degree in Information Technology, Computer Engineering, Cybersecurity, Digital Forensics, or a related discipline.
  • Minimally 5–7 years of experience in cybersecurity operations, threat analysis, or security engineering.
  • Professional certifications such as CISSP, CISM, CEH, GIAC (GCIH, GCFA, GCTI), or equivalent are highly desirable.
  • Proven work experience in cybersecurity, with a focus on policy creation, monitoring, and incident response.
  • Demonstrated experience managing cybersecurity projects, including planning, execution, and monitoring, ensuring initiatives are completed on time and within budget.
  • Familiarity with frameworks such as NIST, ISO 27001, or CIS Controls.
  • Experience working with cross-functional teams and external vendors in a complex enterprise environment.
  • Experience with Endpoint Detection and Response (EDR) and Endpoint Protection Platforms (EPP) such as CrowdStrike, Microsoft Defender, or Palo Alto.
  • Familiarity with Security Information and Event Management (SIEM) tools (e.g., Splunk, QRadar, Sentinel) for log correlation and threat analysis.
  • Strong knowledge of Network Traffic Analysis (NTA) and User and Entity Behavior Analytics (UEBA) tools to detect anomalous activity.
  • Hands-on experience with digital forensics tools such as EnCase, FTK, or SIFT for evidence collection and analysis.
  • Ability to use scripting languages such as Python, PowerShell, or Bash to automate investigation workflows and data analysis.
  • Expert-level knowledge of Windows internals (Event Logs, MFT, Prefetch) and Linux internals (Syslog, Auth logs, Cron, persistence mechanisms).
  • Strong understanding of TCP/IP, DNS, and HTTP/S protocols to analyze lateral movement and C2 (Command & Control) traffic.
  • Experience responding to incidents in AWS, Azure, or GCP (identity theft, S3 bucket exposure, etc.).

 

Work at the Point of Impact

We need to be forward-looking to attract the right people to help us become the Leading Global Long-term Investor. Join our ambitious, agile, and diverse teams - be empowered to push boundaries and pursue innovative ideas, share your views, and be heard. Be anchored on our PRIME Values: Prudence, Respect, Integrity, Merit and Excellence, which guide us in how we make our day-to-day decisions. We strive to inspire. To make an impact.

 

Flexibility at GIC

At GIC, our offices are vibrant hubs for ideation, professional growth, and interpersonal connection.  At the same time, we believe that flexibility allows us to do our best work and be our best selves.  Thus, our teams come into the office four days per week to harness the benefits of in-person collaboration but have the flexibility to choose which days they work from home and adjust this arrangement as situational needs arise.

 

We are an equal opportunity employer

As an employer, we passionately believe every individual brings with them a unique diversity of thought and perspectives that meaningfully enriches GIC teams and drives competitive performance. An inclusive environment yields exceptional contribution.

 

Learn more about our Technology Group here: https://gic.careers/group/technology-group/

Our PRIME Values

GIC is a values-driven organization. GIC’s PRIME Values act as our compass, enabling us to fulfil our fundamental purpose and objectives. They are the foundational bedrock that governs our behaviors, our decision making, and our focus. They inform both our long-term strategy as a firm and the way we relate to our Client, business partners and employees. PRIME stands for Prudence, Respect, Integrity, Merit and Excellence.