EMPOWERING PEOPLE TO MAKE A DIFFERENCE

At Howden, we employ talented individuals and empower them to make a real difference to the company, whilst building successful and fulfilling careers.

The entrepreneurial atmosphere is one of the biggest reason people love to work for us. We are a leading independent, global insurance brokers but have a noticeably flat hierarchy. It doesn't matter how junior or senior, anyone with a good idea will be heard. This means our employees can shape their own career paths and determine their own success.

This atmosphere attracts the brightest talent in the market. If that includes you, get in touch.

Job role: Senior Security Consultant (M&A Architecture Focus)

Department: Information Security / Enterprise Architecture

Report to: Group Deputy Chief Information Security Officer

A LEADING GLOBAL INDEPENDENT BROKER

Howden is a specialist commercial insurance broker. Its regional footprint covers Singapore (regional headquarters),

Malaysia, Hong Kong, Indonesia, Thailand, and Philippines. It is part of the London-headquartered Howden Broking Group, a leading independent, global broker with offices in over 40 countries worldwide.

About the Role:

We are looking for a highly skilled and experienced Senior Security Consultant to join our dynamic and fast-growing security team. This pivotal role blends deep technical proficiency in cybersecurity with strategic leadership in Mergers & Acquisitions (M&A) initiatives. As a trusted security advisor, you will be instrumental in evaluating the security posture of target organizations, identifying potential risks, and ensuring seamless integration of security frameworks post-acquisition.

You will lead the end-to-end security lifecycle of M&A activities from due diligence and risk analysis to integration planning and execution. Your work will directly influence the organization's ability to scale securely, maintain compliance, and protect critical assets during periods of rapid change. This role requires a unique combination of technical depth, business acumen, and cross-functional collaboration, making it ideal for professionals who thrive in complex, high-impact environments.

Key Responsibilities:

Security Analysis & Architecture

• Conduct In-Depth Security Assessments of Systems, Networks, and Applications: Perform comprehensive evaluations of both on-premises and cloud-based environments to identify vulnerabilities, misconfigurations, and potential attack vectors. Utilize tools such as vulnerability scanners, penetration testing frameworks, and manual review techniques to assess the security posture of critical assets. Deliver detailed reports with prioritized findings and actionable remediation recommendations.
• Design and Recommend Security Controls and Architecture Improvements: Develop and propose robust security architectures that align with industry best practices and organizational risk tolerance. This includes designing secure network topologies, implementing zero-trust principles, and recommending controls such as encryption, multi-factor authentication, and intrusion detection/prevention systems. Work closely with enterprise architects to ensure security is embedded into the design phase of all technology initiatives.
• Collaborate with IT, DevOps, and Business Units to Ensure Secure Design and Implementation of Systems: Act as a security advisor throughout the system development lifecycle (SDLC), participating in design reviews, threat modeling sessions, and change management processes. Partner with DevOps teams to integrate security into CI/CD pipelines (DevSecOps), ensuring automated testing and compliance checks. Provide guidance to business stakeholders on balancing security requirements with operational needs and user experience.

M&A Security Integration

• Lead Security Due Diligence Efforts:Spearhead comprehensive security evaluations during M&A activities, including pre-acquisition risk assessments, gap analyses, and compliance reviews. Collaborate with legal, IT, and business teams to identify potential security liabilities, regulatory exposures, and integration challenges. Ensure that all findings are documented and communicated effectively to executive stakeholders.
• Develop and Execute Security Integration Plans: Create tailored security integration strategies for newly acquired entities, aligning them with the organization's overarching security architecture and governance frameworks. This includes harmonizing policies, access controls, identity management systems, and incident response protocols. Oversee the execution of these plans, ensuring minimal disruption to business operations and maintaining a strong security posture throughout the transition.
• Identify and Mitigate Legacy and Third-Party Risks: Conduct thorough assessments of legacy systems, inherited infrastructure, and third-party vendor relationships to uncover vulnerabilities and compliance gaps. Implement remediation plans that may include system upgrades, vendor renegotiations, or decommissioning of outdated technologies. Ensure secure data migration practices and validate that sensitive information is protected during transfer and integration.
• Post-Merger Monitoring and Optimization: Establish post-merger security monitoring protocols to detect anomalies and ensure ongoing compliance. Use metrics and KPIs to evaluate the effectiveness of integration efforts and identify areas for continuous improvement. Provide regular updates to senior leadership and contribute to post-acquisition reviews and lessons-learned sessions.
• Stakeholder Engagement and Communication: Act as a liaison between technical teams and business units during M&A processes, translating complex security requirements into actionable business terms. Facilitate workshops and training sessions to onboard acquired teams into the organization's security culture and practices.

Governance, Risk & Compliance

• Ensure compliance with industry standards (e.g., ISO 27001, NIST, DORA, SOC 2, GDPR).
• Support internal and external audits related to security controls and M&A activities.
• Maintain documentation and reporting for security assessments and integration efforts.

Collaboration & Leadership

• Act as a trusted advisor to senior leadership on security risks and strategies during M&A.
• Mentor junior analysts and contribute to the development of security best practices.
• Participate in incident response and threat modeling exercises as needed.

Qualifications

Required:

• 7+ years of experience in cybersecurity, with at least 2 years in a senior or lead role.
• Proven experience in M&A security assessments and post-acquisition integration.
• Strong understanding of enterprise security architecture, cloud security (AWS, Azure, GCP), and network security.
• Familiarity with regulatory and compliance frameworks (e.g., GDPR, HIPAA, PCIDSS).
• Excellent communication and stakeholder management skills.

Preferred:

• Certifications such as CISSP, CISM, CCSP, or SABSA.
• Experience with security tools such as SIEM, DLP, vulnerability scanners, and EDR platforms.
• Background in enterprise architecture or solution architecture is a plus.

YOUR BENEFITS AND SALARY:

• Commensurate with qualification and experience
• Working in a collaborative environment with excellent learning opportunities
• Possibility of moving to a permanent role at the end of the 12 months if you can prove yourself to be adding value to our business.

DATA PROTECTION NOTICE FOR JOB APPLICANTS

This Data Protection Notice ("Notice") sets out the basis upon which Howden Insurance Brokers (S.) Pte. Limited ("we", "us" or "our") may collect, use, disclose or otherwise process personal data of job applicants in accordance with the Personal Data Protection Act ("PDPA"). This Policy applies to personal data in our possession or under our control, including personal data in the possession of organizations which we have engaged to collect, use, disclose or process personal data for our purposes."

For more information, please refer to the link below.

• https://www.howdengroup.com/sg-en/Howden_SG_PDPA_Notice_for_Job_Application