Information Security, Senior Executive (1 year contract)

WhiteCoat

Job Location:

Kuala Lumpur - Malaysia

Monthly Salary: Not Disclosed
Posted on: 30+ days ago
Vacancies: 1 Vacancy

Job Summary

Job description

About WhiteCoat

WhiteCoat is a Singapore-headquartered omnichannel provider of integrated health and wellness services that serves as the first and single touchpoint for all care needs in Southeast Asia.

Since launching in 2018, WhiteCoat's digital platform powers a wide range of services including tele- and in-person consultations as well as medication fulfilment and diagnostic testing across primary, specialist and allied care. With a focus on the B2B space, WhiteCoat has forged strategic partnerships with the region's leading insurers, corporates and care providers to provide accessible and affordable high-quality care to its users.

The Group currently has offices in Singapore, Indonesia, Malaysia and more information on WhiteCoat please visit
.


What you will be doing

The Information Security Senior Executive is responsible for embedding security into the entire software development lifecycle (SDLC). This role owns the application and product security roadmap from initial design to deployment and operation.

You will safeguard our information systems by proactively identifying, assessing and mitigating security risks in our software. This position acts as a critical bridge between development, operations and security teams, ensuring our products are built on a foundation of security and trust.

Your accountability spans secure development practices, automated security testing (SAST/DAST), penetration testing and vulnerability management, with a clear mandate to drive down risk without impeding engineering velocity.

Key Responsibilities:

1. Security Governance & Operations

  • Develop, implement and enforce security policies, standards and guidelines aligned with industry best practices (e.g. ISO 27001, NIST, OWASP).

  • Own and manage the regulator reporting workflow for security incidents and data breaches (e.g. PDPC, MAS, MOH), ensuring timely and accurate submissions.

  • Prepare and present a quarterly board-level metrics pack detailing our security posture, vulnerability status, testing outcomes and risk landscape.

  • Monitor, assess and respond to security threats and incidents in close coordination with the Security Operations Center (SOC) and IT teams.

2. Secure Development & Testing (DevSecOps)

  • Integrate and automate security tooling into the CI/CD pipeline at key gates:

    • Static Application Security Testing (SAST) on every pull request.

    • Software Composition Analysis (SCA) for dependency scanning on every merge.

    • Dynamic Application Security Testing (DAST) in pre-production environments.

  • Lead threat-modeling workshops with engineering teams to proactively identify architectural flaws and teach them to think like an attacker.

  • Work directly with development teams to remediate identified vulnerabilities, providing clear guidance and promoting secure coding practices.

3. Penetration Testing & Vulnerability Management

  • Plan and manage a continuous program of internal and external penetration testing for applications, APIs, networks and cloud infrastructure.

  • Oversee the budget for third-party security assessments to ensure specialized testing can be procured without delay.

  • Enforce risk-stratified Service Level Agreements (SLAs) for remediation (e.g. Critical: 7 days, High: 14 days), tracked transparently in Jira.

  • Validate remediation efforts post-testing and ensure all identified risks are formally closed or accepted.

4. Incident Response & Threat Management

  • Lead application-focused incident response activities, including investigation, containment, eradication and recovery.

  • Conduct blameless post-mortems and root cause analysis for security incidents, ensuring preventative measures are implemented.

  • Run regular table-top exercises and purple-team drills to test and improve our response capabilities.

  • Track emerging threats, vulnerabilities and exploits relevant to the organization's technology stack and software supply chain.

5. Awareness & Training

  • Establish and lead a Security Champions Guild, embedding a security-focused engineer in each squad to act as a first-line AppSec advocate.

  • Provide technical guidance and hands-on training to development, QA and operations teams on security best practices and tooling.

  • Promote a security-first culture across the organization, making security a shared responsibility.

Our Benefits

  • Make a Real Impact: Opportunity to contribute to a leading digital health company's rapid growth.

  • Fast-paced Start-up Environment: Experience an environment where you get to own and make tangible impact without bureaucracy getting in the way of rapid decision-making.

  • Great Team: Collaborate with intelligent, friendly and supportive professionals from diverse backgrounds.

  • Hands-on Learning & Growth: Gain hands-on experience in strategy, partnerships, operations and product innovation within a growing industry.

  • Competitive Compensation & Benefits: Competitive compensation and performance-based bonus.

How to apply

If you believe you have what it takes for this role, click Apply and join us on our journey to make a positive impact on the lives of people through innovative healthcare solutions!

Job requirements

What we are looking for

Education & Certification:

  • Bachelor's degree in Computer Science, Information Security or a related field.

  • Relevant certifications strongly preferred (e.g. OSCP, GWAPT, GPEN, CSSLP, CISSP).

Technical Skills:

  • Deep expertise in application security concepts and frameworks (OWASP Top 10, SANS CWE 25).

  • Hands-on experience with SAST (e.g. SonarQube, Checkmarx), DAST (e.g. OWASP ZAP, Burp Suite) and SCA/SBOM tools (e.g. Syft, Grype, Snyk).

  • Practical experience conducting, managing and interpreting penetration test results.

  • Proven ability to integrate security tools into CI/CD pipelines (e.g. Jenkins, GitLab CI, GitHub Actions).

  • Strong understanding of secure coding practices in languages like Java, Python and JavaScript.

  • Proficiency in cloud security with a priority on AWS (CIS Benchmarks, IAM) and familiarity with Azure/GCP.

  • Experience with Infrastructure as Code (IaC) security scanning (e.g. Terraform, CloudFormation).

Soft Skills:

  • Exceptional communication skills, with a proven ability to translate technical CVEs into business and product impact for executive stakeholders.

  • Strong analytical and problem-solving skills with a proactive, detail-oriented mindset.

  • Demonstrated ability to influence roadmap trade-offs and collaborate effectively with Product, Legal and Audit teams.


Required Experience:

Senior IC

Key Skills

  • International Development
  • EMC
  • JavaScript
  • Import & Export
  • Airlines
  • Asp.Net MVC
