Job Description

We’re hiring a hands-on IT Security Manager to own product, cloud, and corporate security across Pixlr. You’ll define and run our security program, from policy and risk to AppSec and incident response, while partnering closely with Engineering, IT, Product, Legal, and Operations.

The Job:

Security Governance, Risk & Compliance

• Establish and maintain the security policy stack, aligned with ISO 27001, SOC 2 controls, and applicable privacy regulations (e.g., PDPA, GDPR).
• Conduct security risk assessments, vendor and third-party reviews, and data classification activities.
• Support audit readiness through evidence collection, control testing, and maintenance of security control mappings.

Application & Product Security

• Embed security practices within the software development lifecycle, including threat modelling, secure coding standards, and security reviews.
• Own and operate application security tooling within CI/CD pipelines, including static, dynamic, and dependency analysis.
• Guide engineering teams on secure design principles, OWASP Top 10, API security, and supply-chain risk considerations.

Cloud & Platform Security

• Implement and operate cloud security controls across AWS environments, including identity management, logging, monitoring, and threat detection services.
• Define baseline hardening standards, guardrails, and policy-as-code controls for cloud and infrastructure environments.
• Drive container, serverless, and data protection security practices, including encryption and key management.

Detection, Response & Resilience

• Develop and maintain incident response plans and coordinate security incident handling with Engineering and IT teams.
• Operate centralised security logging, alerting, and detection capabilities.
• Maintain business continuity and disaster recovery security requirements, including backup and recovery verification.

Access Hygiene & Privacy

• Enforce identity lifecycle management and access controls across cloud platforms, SaaS systems, and data environments.
• Partner with Legal and Data teams on privacy impact assessments, data retention practices, and data loss prevention controls.

Culture, Enablement & Operations

• Deliver security awareness and role-based training for engineering, product, and operations teams.
• Define and track security operational metrics to monitor risk, control coverage, and remediation effectiveness.
• Balance security requirements with delivery velocity and cost considerations through cross-functional collaboration.
  

Job Requirements

 The Person:

• 6–10 years of experience in IT or application security, including ownership of security programmes or AppSec/CloudSec functions.
• Strong hands-on experience with application security, secure SDLC practices, and vulnerability management.
• Practical expertise in AWS security services, identity and access management, and cloud security monitoring.
• Experience with common security tooling, including SAST, DAST, dependency scanning, secret management, and security logging platforms.
• Solid understanding of security governance frameworks and regulatory principles, including ISO 27001, SOC 2, PDPA, and GDPR.
• Proven ability to lead incident response activities and communicate security risks clearly to technical and non-technical stakeholders.

Nice-to-Haves

• Certifications: CISSP, CCSP, AWS Security Specialty, ISO 27001 Lead Implementer/Auditor.
• Experience with creative/EdTech or high-scale consumer SaaS; exposure to SOC 2/ISO27001 journeys and GRC platforms (e.g., Drata/Vanta).
• Container/Kubernetes security, serverless security, and SBOM/supply chain practices.
  

Skills