Head of Cybersecurity & IT

Location: Singapore, Singapore, Singapore

Department: Technology

Workplace: on_site

Employment Type: full

Description

MORROW HEALTH

MORROW Health is Singapore’s largest integrated fitness and recovery destination, designed to help individuals build healthier, more resilient lives through intentional daily habits. Grounded in lifestyle medicine, MORROW Health brings together physical activity, nutrition, restorative sleep, stress management, avoidance of risky substances, and social connection through structured programmes and purpose-built environments that make sustainable lifestyle change achievable. Supported by evidence-informed practice and data from wearables and lifestyle inputs, MORROW Health helps members recognise patterns, build consistency, and stay accountable—turning insight into everyday action that supports long-term vitality, strength, and clarity, without medical diagnosis or treatment.

Location: Singapore

Singapore Reports to: CTO

Direct Reports: IT & Cybersecurity Engineers, Helpdesk, QA & Compliance Associates.

The Head of Cybersecurity and IT is accountable for cross-functional global IT operation, cybersecurity and compliances. The Head will setup and provide hands-on IT and Cybersecurity solutions, SOPs and policies while establishing and leading a team of IT & cybersecurity engineers, Helpdesk, QA and Compliance associates.

ROLE & RESPONSIBILITIES
- On-prem ‘server room’ setup and network configuration with emphasize on cybersecurity,

including the setup of temporary storage for health data as a secured gateway and transfer to

cloud.

- Cloud environment setup, configuration and maintenance (AWS/Azure/GCP) with emphasize on

access control, compliance and cybersecurity.

- Establish and lead an IT team, provide mentorship, professional growth and performance

reviews.

- Responsible for M365 configuration , monitoring and maintenance.

- Responsible for laptops purchase, configuration, MDM and support to end users.

- Setup and lead back office IT and telecommunication solutions in the office.

- Setup a 24/7 IT helpdesk operation across multiple time zones.

- Engage IT, cloud and software vendors based on cross-functional business needs.

- Write and maintain IT policies and SOPs, including staff training and guidance.

- Process and maintain on-prem and cloud backups, including periodic data restoration

simulation.

- Establish annual roadmaps and manage IT and cybersecurity projects with clear timelines, Gantt

charts, financial forecasts, and KPIs.

- Identify and assess security risks, vulnerabilities, and threats.

- Implement risk mitigation measures and ensure compliance with industry standards and

regulations.

- Drive phishing and social engineering campaigns to train and increase cyber awareness of staff.

- Oversee security audits, penetration tests and assessments.

- Engage cybersecurity vendors and solutions to strengthen and further secure the environment.

- Develop and maintain incident response plans and policies.

- Write, simulate and maintain Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP).

- Drive cybersecurity monitoring of both on-prem and cloud (AWS/Azure/GCP, M365).

- Evaluate and recommend security tools, technologies, and best practices.

- Ensure secure design principles are followed in software development, digital health platform

and infrastructure.

- Stay informed about emerging threats and vulnerabilities.

- Present technical updates and train staff and leadership on Cybersecurity best practice and

compliances.

- Establish and manage cross-functional security operations center (SOC) activities.

- Utilization of AI-driven security tools.

- Establish and monitor security of website and customer facing digital platform and apps.

- Ensure best practice in customers’ secured payment processing and protection of personal

identifiers based on PDPA and other compliance requirements.

- Lead the IT organization towards relevant ISO, IT & Cybersecurity certifications.

- Support global expansion of the organization and drive IT aspects of sites setup and

configuration.

Requirements

• At least 10 years of industry experience in leading Cybersecurity function.
• At least 5 years hands-on experience in cloud security practice and implementation.
• At least 5 years hands-on experience in firewall configuration and maintenance.
• At least 5 years hands-on experience in M365 security configuration and
• implementation.
• At least 5 years experience in leading cybersecurity of consumers facing digital
• platforms.
• B.Sc./BA in Computer Science/Engineering, IT security systems, Compliance or related
• fields. An advanced degree is an advantage.
• AWS/Azure/GCP and M365 certificates are an advantage.
• Strong executive communication and global collaborations skills.
• Proven team leadership skills and experience.

Benefits

• Flexible Paid Leave
• Medical & Dental