Cyber Security Lead

Raffles Medical Group (RMG) is the largest home-grown private healthcare provider in the region, started in 1976 in Singapore as a two-clinic operation but today, serves patients in five countries, 14 cities. We are a Multidisciplinary Medical Group listed on the Singapore Stock Exchange and operate over 100 medical facilities across 14 major cities. It is the only private medical provider in Singapore that owns and operates a fully integrated healthcare organization comprising a tertiary hospital, a network of family medicine and dental clinics, insurance services, Japanese and Traditional Chinese Medicine clinics, Raffles Wellness and a consumer healthcare division. Raffles Hospital is the flagship of Raffles Medical Group. Our China footprint has expanded with the opening of our Chongqing, Beijing and Shanghai Hospitals.

Role Overview

This role is responsible for establishing the cybersecurity architecture strategy, driving architectural standardization, ensuring secure by design principles, and enabling strong alignment between cyber requirements, business needs, and technology plans. You will play a key role in strengthening RMG's cybersecurity resilience through architecture oversight, security design governance, solution validation, and forward-looking capability development.

As a Cybersecurity Lead, you will support the Senior Cybersecurity Manager in developing and implementing a robust cybersecurity architecture framework and strengthening organizational resilience.

Key Responsibilities:

1) Security Achitecture

• Evaluate systems from a security architecture perspective and propose practical remediation measures.
• Develop and rollout group-wide cybersecurity standards and guidelines.
• Define security requirements and review solution architectures and proposal content.
• Lead and coordinate the delivery of cybersecurity assessments, implementations and improve projects.
• Lead the design and evaluation of security controls for new systems, platforms, cloud solutions and major transformation programs.
• Provide expert advisory to project teams, solution architects and engineering teams on system hardening, network segmentation, identity security, cloud security and application security.
• Conduct architectural risk assessments and security design reviews, identifying design weaknesses and recommending effective mitigation measures.
• Drive the planning and implementation of strategic cybersecurity architecture initiatives.

2) Threat & Vulnerability Management

• Lead the threat intelligence program by collecting, analysing, and operationalising threat data to inform defensive priorities.
• Oversee the full vulnerability management lifecycle: asset discovery, risk scoring (CVSS), prioritisation, remediation SLA tracking, and executive reporting.
• Facilitate in cyber incident response planning and execution, including coordination across IT, clinical, operations, and communications teams.
• Facilitate tabletop exercises, red team/blue team activities, and post-incident reviews.
• Manage penetration testing programs; track, assign, and verify remediation of findings.
• Maintain RMG's threat model, attack surface inventory, and cyber risk register.
• Monitor sector-specific threat developments (e.g. healthcare, OT/IoT, supply chain) and proactively update controls.

3) Compliance & Risk Management

• Ensure cybersecurity compliance with Singapore regulatory frameworks:

- Personal Data Protection Act (PDPA) and PDPC Advisory Guidelines

- Healthcare Services Act (HCSA) and associated MOH circulars

- MOH Artificial Intelligence in Healthcare Guidelines (where applicable)

- Cyber Security Agency (CSA) Cybersecurity Act and CII obligations

- MAS Technology Risk Management Guidelines (where applicable)

• Coordinate and support internal audits, external assessments, and regulatory inspections; prepare evidence packs and manage remediation plans.
• Oversee Business Continuity Planning (BCP) and Disaster Recovery (DR) from a cybersecurity perspective, including cyber crisis response plans.

Requirements:

• Bachelor's degree in Cybersecurity or a related discipline.
• Minimum 6 years of hands-on cybersecurity experience with at least 3 years in cybersecurity architecture or security design for complex IT environments.
• Proficiency in Chinese (preferably both spoken as written Chinese) as will need to support engagements in China.
• Well versed in Cybersecurity architecture and design.
• Proven track record in security architecture design, review, and governance in an enterprise or regulated environment.
• Demonstrated expertise in designing and evaluating security controls across cloud and on-premise systems.
• Hands-on experience conducting architectural risk assessments, security design reviews and solution validation.
• Demonstrated experience in threat and vulnerability management.
• In-depth understanding of cybersecurity frameworks such as NIST CSF, ISO27001, CIS Controls. AI frameworks and other sector-specific cyber standards.
• Required (at least one):CISSP, CISM, or CISA or equivalent senior-level cybersecurity certification.
• Experience in the healthcare, government, or Critical Information Infrastructure (CII) sector is an advantage.