NFC Internal Careers

The Digital & Technology (IT) Department supports the organisation’s mission by delivering secure, reliable, and user-centric technology services across all preschools and corporate functions. The team oversees core enterprise systems, network and infrastructure operations, digital learning platforms, and centre-based technologies. Working closely with educators, operations, and corporate teams, the department drives digital transformation, enhances service delivery, and ensures strong data governance. Its key functions include IT infrastructure and operations, enterprise applications, digital solutions, and cybersecurity governance.

POSITION OVERVIEW
We are seeking a Head of Infrastructure & Cybersecurity to lead the strategic planning, operations and security of NFC’s IT landscape, covering end user devices, network and cloud infrastructure. This role is responsible for ensuring high system availability, managing cyber risks and implementing security frameworks. This role will also lead IT governance, risk and compliance.

Reporting to the Chief Digital and Technology Officer (CDTO), and serving as a key liaison to the Executive Leadership Team and Board of Directors, the Head of Infrastructure & Cybersecurity is responsible for establishing the enterprise-wide vision, strategy, and execution of the company's technical architecture, information security and risk management program.

This role will champion a secure-by-design culture, ensuring that security is embedded into all technical and business solutions across the organisation. The role will oversee the planning, development, and execution of infrastructure and cybersecurity strategies, frameworks, and policies, ensuring strong alignment with regulatory expectations and enterprise priorities.

The Head of Infrastructure & Cybersecurity, will be responsible for defining organisational infrastructure & cybersecurity standards, performing risk assessments, driving mitigation programmes, and strengthening enterprise resilience. This role will also provide expert advisory support to IT and business leaders on matters related to regulatory compliance, technology risks, and corporate governance.

Key Responsibilities

1. Infrastructure & Security Leadership
   • Defining technology roadmaps, budgeting, and aligning security strategies with business objectives and regulatory compliance.
   • Review infrastructure design and provide guidance to enhancing NFC endpoints, network and cloud infrastructure for enhanced security whilst managing maintainability and cost.
   • Translate technical and cybersecurity concepts into clear business language to support informed decision-making.
   • Communicate cyber risks / incidents, key metrics, threat trends, controls effectiveness to senior stakeholders, and providing justifications on the need for infrastructure architecture and cybersecurity enhancements
2. Infrastructure & Security Operations
   • Oversee IT operations in the areas of networks, infrastructure, end user support and cybersecurity
   • Lead internal team and manage third party vendors to deliver efficient and effective IT service management and infrastructure operations and support
   • Lead the team to effectively manage 24/7 Security Operations function, threat & vulnerability management and incident response, ensuring high-fidelity alerting and effective remediation.
   • Ensure infrastructure architecture, security architecture & design reviews are performed for all major projects, embedding security early in the development lifecycle
     
     
3. Technology Risk Management & Stakeholder Partnership
   • Partner with other teams within the Digital & Technology department to provide infrastructure support, guidance on technology risks, regulatory obligations, and project-related infrastructure and security requirements.
   • Conduct risk assessments on critical IT assets including applications, infrastructure, cloud services, emerging technologies, and centre-based systems.
   • Offer actionable recommendations to IT application teams and business stakeholders to support secure technology adoption.
   • Build strong relationships with senior business leaders to identify, assess, prioritise, and mitigate cybersecurity risks.
   • Ensure clear accountability for risk ownership and support stakeholders in executing mitigation actions.
   • Present emerging risks, incidents, and key issues to senior management clearly and concisely.
     
     
4. Technology Governance, Risk and Compliance
   • Lead the development, implementation, and continuous improvement of a robust IT governance and cybersecurity framework for our technology landscape.
   • Define and maintain security policies, procedures, standards, and guidelines aligned to PDPA, regulatory obligations, and best practices.
   • Ensure robust security controls are embedded across systems, infrastructure, and business operations.
   • Identify and close process and governance gaps, ensuring that all IT practices, technology initiatives and operations align with our organizational goals.
   • Establish and track key performance indicators (KPIs) and metrics to measure D&T performance and the effectiveness of the governance framework.
   • Manage enterprise risks related to D&T, assess impact, track effectiveness of existing control measures, define and track the implementation of additional control measures
   • Prepare and present regular reports to senior management and the board on the state of technology governance, risk, and compliance.
   • Work closely with Group Security, Risk Management, HR, Legal, Compliance, and Internal Audit teams, serving as the subject-matter expert on security compliance, regulatory requirements, and enterprise risk frameworks.
   • Coordinate internal and external audit engagements, regulatory inspections and security assessments, ensuring timely provision of artifacts, recommendation and execution of remediation plans and governance maturity is strengthened.
     
     
5. Team & People Management
   • Lead, mentor, and develop the Infrastructure, End User Support and Security teams across governance, risk, assurance, and operational functions.
   • Build a high-performing capability through clear goals, professional development, and skills uplift.
   • Foster a collaborative, security-first culture across IT and business teams.
   • Manage resources, vendor partnerships, and workload allocation to ensure effective delivery of security initiatives.
   • Drive continuous improvement, knowledge sharing, and a culture of accountability within the team.

Requirements:

• Education
  • Degree in Computer Science, Information Systems, Engineering, or a related field.
  • Professional certifications preferred: CISSP, CISA, CISM, OSCP, CASP, or CCS.
• Experience
  • Minimum 10+ years of progressive experience in network and cloud infrastructure, Cybersecurity, or Technology Risk.
  • At least 5 years in a senior leadership role overseeing security functions or ICT operations.
  • Proven track record in leading large-scale transformation programmes and managing change in fast-moving environments.
  • Strong experience in vendor management and oversight of third-party security providers.
  • Extensive experience formulating, implementing, and monitoring security policies, standards, and procedures.
  • Solid working knowledge of ICT operations, network and cloud infrastructure, security architecture, security governance, vulnerability management, and incident response.
• Skills and Attributes
  • Strong interpersonal, communication, and stakeholder management skills.
  • Strategic thinker with the ability to develop and execute security strategies aligned to business needs.
  • Highly adaptable, with the ability to lead teams through shifting priorities and organisational changes.
  • Strong understanding of emerging technologies, evolving cyber threats, and best-practice security frameworks.
  • Ability to work effectively with cross-functional and multi-disciplinary teams.
  • Skilled in risk assessment, threat and vulnerability management, incident management, compliance, and digital governance.
  • Business- and customer-focused mindset with strong problem-solving and decision-making abilities