Deputy Director, Security Governance, Risk & Compliance

Date:  29 Jun 2026
Company:  Singapore Pools (Pte) Ltd

Work that powers communities.

Who We Are

Singapore Pools was established by the Singapore government on 23 May 1968 to provide safe and trusted betting to counter illegal gambling. As a not-for-profit organisation, it makes contributions to the Tote Board to fund a wide range of causes in social service, community development, sports, arts, education and health sectors.

Since 2004, over $5 billion has been channelled to the Tote Board. In addition, Singapore Pools also contributes about $2 billion annually to the Government in the form of taxes and duties. Its responsible gaming practices have been awarded the highest level of certification (Level 4) by the World Lottery Association’s Responsible Gaming Framework since 2012.

Since inception, Singapore Pools’ staff have a long-standing commitment to doing good and giving back to those in need. Staff volunteers support activities held all year round, from helping disadvantaged children, youth-at-risk, underprivileged families, and elderly, to conserving the environment.

Job Purpose

Reporting to the Chief Business Technology Officer, the individual will protect the organisation's digital assets, sensitive data, and gaming systems while ensuring regulatory compliance, managing audit relationships, embedding a security-first culture across all technology initiatives, and providing a governance and check-and-balance function over security architecture implementations.

What You'll Do

  • Information Security Management & Governance: Define and enforce information security policies, standards, and controls; conduct risk assessments; ensure adherence to security frameworks (ISO 27001, NIST CSF); maintain WLA Level 4 certification compliance.
  • Security Design Review & Validation: Conduct independent security reviews of architecture designs and solutions; validate that security principles are properly embedded; ensure security controls are implemented correctly; work with Enterprise Architecture on secure-by-design implementations.
  • Data Protection & Privacy: Establish data protection and privacy governance aligned with PDPA, GDPR (if applicable), and industry standards; manage data classification, retention, and disposal; support the Data Protection Officer (PDPO) functions.
  • Compliance Management: Ensure the Business Technology division complies with Singapore Pools' regulatory obligations (gaming regulations, anti-money laundering, responsible gaming); maintain compliance with relevant frameworks (ISO 27001, SOC 2, PCI-DSS where applicable); lead compliance audits; track and maintain WLA Level 4 certification.
  • Check & Balance Function: Provide independent oversight of IT Security Operations; ensure controls are appropriate and effective; audit security practices and configurations; validate that the Infrastructure team's security operations meet policy requirements.
  • Risk & Compliance Coordination: Serve as the single point of contact between Business Technology and company-wide Risk & Compliance teams; coordinate risk assessments, compliance reviews, and regulatory reporting.
  • Audit Relationship Management: Lead all Business Technology-related audit activities (external audits, internal audits, regulator inspections); manage audit responses and remediation tracking.
  • Incident Management & Response: Lead incident response for security events; ensure proper documentation and regulatory reporting; drive post-incident learning; coordinate with Infrastructure on technical incident response.
  • Business Continuity and Disaster Recovery Compliance: Partner with the Infrastructure team to ensure BCDR plans meet security and compliance requirements.
  • Build long-term working relationships across departments/sections and promote cross-team collaboration.
  • Oversee the employee management process for the team (e.g. staffing decisions, coaching, development, evaluation), set performance targets and evaluate delivery against targets, counsel staff in career/performance development.
  • Enforce corporate and department standards, policies and guidelines within the team.
  • Work closely with the Chief Risk & Compliance (CRC) as Business Technology Business Partner to establish collaboration and partnership between Business Technology and R&C to ensure operational compliance and stability.
  • Position Singapore Pools as a thought leader in Information Security, Data Protection, Risk and Compliance.
  • Establish Information Security and Data Protection as a competitive advantage.
  • Represent Business Technology in the Technology Committee to drive and build confidence in how Singapore Pools is securing its data and information.

Who You Are

  • Degree-qualified in Computer Science/Engineering, Information Science or related IT Discipline, with 10-12 years of proven experience in managing IT Security issues, policies and procedures, with at least 8 years of experience in an enterprise of a size comparable to Singapore Pools.
  • Proven experience regarding Information Security Management System (ISMS) in compliance with BS7799/ISO27001 or WLA or other standards.
  • Strong understanding and keen interest in the latest technological trends and IT Security developments impacting businesses.
  • Professional certifications such as CISSP, CISM, CISA.
  • Make sound, logical and data-based decisions on complex issues and problems, fully considering the risks involved.
  • React quickly and make decisions in a fast-paced environment impacting people, process and technology.
  • Possess keen awareness and capabilities to anticipate potential threats across the enterprise.
  • Extensive experience around information security management and governance.
  • Knowledge of various security methodologies and processes, technical security solutions, and security architecture and design review.
  • Extensive knowledge of data protection and privacy regulation (PDPA, GDPR), compliance frameworks (ISO 27001, NIST, SOC 2, PCI-DSS), gaming and gambling regulations (WLA certification requirements), risk management and audit experience, incident response and forensics.
  • Strong analytical and documentation skills.
  • Manage influence through persuasion, negotiation and consensus building.
  • Outstanding communication and interpersonal skills.
  • Ability to look at the big picture and visualize a mid and long-term information security and data protection strategy to support the business.
  • Ability to lead, coach and motivate a team.
  • A strong relationship builder to develop solid connections with C-level and senior business leaders.

What We Offer

  • Comprehensive total rewards package
  • Health & wellness benefits
  • Continuous learning and upskilling opportunities
  • Volunteerism and community initiatives

Only shortlisted candidates will be contacted for further career conversations.
