Regional Manager, CDI Business and Product Security GRC

Location: Singapore, Singapore

Thales is a global technology leader trusted by governments, institutions, and enterprises to tackle their most demanding challenges. From quantum applications and artificial intelligence to cybersecurity and 6G innovation, our solutions empower critical decisions rooted in human intelligence. Operating at the forefront of aerospace and space, cybersecurity and digital identity, we’re driven by a mission to build a future we can all trust.

In Singapore, Thales has been a trusted partner since 1973, originally focused on aerospace activities in the Asia-Pacific region. With 2,000 employees across three local sites, we deliver cutting-edge solutions across aerospace (including air traffic management), defence and security, and digital identity and cybersecurity sectors. Together, we’re shaping the future by enabling customers to make pivotal decisions that safeguard communities and power progress.

Overall Purpose of Job

The role of the Thales CDI Business and Product Security GRC Manager is responsible & accountable for Security Governance and Oversight for all Thales CDI Business Security including Operations, Product and Outsourced activities (Manufacturing, Personalization, Software Development, etc.) in APAC. This includes Physical / Logical Security Operations & Certifications compliance to ensure the deployment, implementation and enforcement of security policies and practices are in accordance to Thales CDI and Regulatory Security Requirements.

Key Activities / Responsibilities

• Reporting to the CDI Regional Security Director, the role is responsible and accountable for Security Governance and Oversight of CDI Asia Business Security including Operations, Product and Outsourced activities (Manufacturing, Personalization, Software Development, etc.).

• Act as the Tactical Process Manager, bridging security personnel and organizational leaders to facilitate achievement of strategic security objectives.

• Oversee business and operational security management related to, but not limited to, personnel, physical, production, and IT security across various Secure Product manufacturing and personalization sites within the region (Module, Card, Document & ID).

• Act in alignment with the Corporate Security Management System and policies to support site security management covering all aspects: personnel, physical, logical, and IT security for relevant business activities and operations within scope.

• Ensure information security oversight at Asia regional sites complies with organizational security requirements, certifications, and applicable regulations.

• Serve as a Subject Matter Expert (SME) for stakeholders across Asia on security-related queries and issues, providing solutions aligned with compliance and risk management standards.

• Provide expert advisory and guidance to sites for achieving and maintaining required accreditations and ongoing compliance with security regulations in accordance with regulatory requirements and applicable standards such as GSMA-SAS, ISO 14298, ISO 27001, PCI-CP, etc. (with accountability for outcomes)

• Act as Regional (PoC) for Industry 4.0 initiatives for Manufacturing and Banking activities. Ensure design, implementation, and management of digitization, IoT, and SCADA infrastructure/software meet all applicable standards and security requirements; contribute to security evaluations of IoT solutions in other regions.

• Conduct risk assessments and regular audits for internal and external stakeholders in accordance with accreditation or corporate standards; recommend corrective actions and verify the implementation of security controls.

• Ensure that security risks and issues are appropriately identified, managed, and mitigated in a measurable manner, following corporate policies and customer requirements.

• Accountable for assuring of Regional Site Security Management System (SMS) to meet regulatory requirements and Security KPIs are achieved for all CDI sites and business activities under the scope of the role.

• Experience and familiarity with Cloud Security to ensure GRC and assurance for business cloud security, including AWS, Azure, GCP, Kubernetes, serverless, and data protection practices.

• Act as domain expert and trusted advisor to provide management with inputs and recommendations to ensure proactively manage risks and protection of CDI, Customer and partner information, assets and data.

• Accountable to develop a security assurance plan and conduct internal, cross-site audits across the Asia region, ensuring controls and audit trails are effectively implemented to safeguard company assets.

• Accountable for Security Assurance, oversight & reporting of all business security risks and compliance in scope of the role incld. & not limited to Physical, Logical, Operations, Data Protection, R&D, Product and security of outsourced operations and providers.

• Partner with business owners and departments to ensure security requirements are defined and effectively deployed within all production sites and outsourced manufacturing activities.

• Lead and manage investigations related to any security breaches that significantly impact the business, ensuring thorough analysis and remediation.

• Consistently adhere to and promote compliance with CDI Quality, Health, Safety, Environmental, and Security policies and requirements throughout the performance of all duties.

• Undertake any special projects or assignments as specified, as and when required.

JOB REQUIREMENTS

Knowledge and Skills

• Operational Physical and IT Security knowledge and experience.

• Cyber & Cloud: Practical understanding of Cloud Security (AWS/Azure/GCP), containerization (Kubernetes), and securing IoT/SCADA environments (Industry 4.0).

• Knowledge of GSMA, PCI, and ISO security standards, as well as Data Protection regulations (GDPR/PDPA).

• Risk Management: Expertise in conducting formal risk assessments and business impact analyses.

• Relevant Operational Security & Management experience in Data Centre, Manufacturing & Adjacent industries.

• Excellent knowledge of the security challenges in high-tech environment ins Singapore & APAC region is desirable

Education, Qualifications, and Special Training

• Bachelor Degree in IT related field or equivalent

• Strong communication (Oral & Written).

• IT & Operational Security experience is an advantage

• CISSP, CISA, CISM certification is preferred.

• Security auditing experience will be added advantage.

Experience

• 10+ years of progressive experience in IT / IT Security, Security Governance, Risk, and Compliance (GRC), ideally within high-security manufacturing, data center and adjacent industries.

• Proven track record of managing security oversight across multiple sites in the Asia-Pacific region.

• Audit Expertise: 3+ years of experience leading external audits for GSMA-SAS, PCI-CP, or ISO 27001 certifications.

• Investigative experience and an ability to prepare and present comprehensive written report and documents.

Special Requirements (Tools and Equipment Used, External Contacts, etc.)

• GRC tools and security dashboards (e.g., Splunk, Grafana, Kibana, Power BI) to manage and report on security posture.

• Able to travel 20-30% of time within Asia as needed.

#LI-ML1

At Thales, we’re committed to fostering a workplace where respect, trust, collaboration, and passion drive everything we do. Here, you’ll feel empowered to bring your best self, thrive in a supportive culture, and love the work you do. Join us, and be part of a team reimagining technology to create solutions that truly make a difference – for a safer, greener, and more inclusive world.