Quick Summary
You will initiate and manage annual information security risk assessments, identifying vulnerabilities across our Microsoft 365 environment, endpoint infrastructure, and third-party integrations.
You have a passion to lead
Your drive to inspire and guide sets you apart. You thrive on taking responsibility, tackling challenges head-on, and turning obstacles into opportunities. Working closely with a diverse, talented team to deliver innovative solutions energizes you, and you find genuine satisfaction in helping clients achieve their goals.
We’re in search of dynamic IT talent who not only excel in a fast-paced, collaborative environment but also bring creativity, strategic insight, and a good sense of humour to every challenge. If you’re ready to empower internal clients and drive transformative change, we want to hear from you!
If you like where this story is leading, read on.
The Plot Thickens: Job Description
- Security governance and policy management: You will own the lifecycle of our security documentation—regularly reviewing and updating the IT Security Policy, Security Incident Response Procedures, Business Continuity Plan (BCP), Disaster Recovery Plan (DRP), AI Policy oversight, and related documents. You will ensure these frameworks remain current, aligned with evolving threats, and compliant with industry standards and regional regulations such as PDPA and related privacy laws. You will also be responsible for the maintenance, upkeep, and upgrades of security systems, including Microsoft Defender, Symantec, BitLocker, and Microsoft Intune.
- Compliance and certifications: You will lead the effort in obtaining and maintaining security-related certifications (e.g., ISO 27001, SOC 2, Cyber Essentials) that strengthen our credibility with clients and partners. This includes coordinating with external auditors, preparing documentation, and driving remediation of any gaps identified during the certification process.
- Client security questionnaires and RFP responses: You will serve as the go-to person for responding to client security questionnaires, RFPs, and due diligence requests. By researching and recommending cost-effective security tools and controls, you will ensure our environment meets the requirements our clients expect—without overengineering solutions.
- Risk assessment and audit: You will initiate and manage annual information security risk assessments, identifying vulnerabilities across our Microsoft 365 environment, endpoint infrastructure, and third-party integrations. You will coordinate internal and external audits, track findings, and drive remediation plans through to completion.
- Security awareness training: You will design, develop, and deliver an annual security awareness training programme for all staff, including on our learning platform – HAcademy. From phishing simulations to policy refreshers, you will foster a security-conscious culture that empowers every team member to be a line of defence.
- Vulnerability monitoring and incident response: You will continuously monitor security vulnerability alerts from sources such as vendor advisories, threat intelligence feeds, and our endpoint protection tools. When threats emerge, you will assess their impact, coordinate with the IT team to apply patches or mitigations, and escalate per the Incident Response Procedures when necessary.
- Security tooling, vendor evaluation, and cybersecurity management: You will research, evaluate, and recommend cost-effective security solutions that address gaps in our environment while meeting client and regulatory requirements. This includes managing cybersecurity vendors and overseeing the integration of security tools into the broader IT ecosystem. You will also contribute to procurement decisions in collaboration with the Regional IT Director and maintain strong vendor relationships to ensure optimal performance and value.
- IT support and infrastructure backup: While your primary focus is cybersecurity, you will also serve as a backup for IT support and infrastructure functions. This includes assisting with endpoint troubleshooting, user support escalations, Microsoft 365 administration, and infrastructure tasks during peak periods or when colleagues are unavailable.
- Hosting of company website and related resources: You act as both a trainer and advisor to the wider IT team, providing guidance on cybersecurity best practices and key security considerations. In addition, you provide ad hoc support across end-user support and infrastructure needs, stepping in as required to ensure smooth and reliable IT operations.
Attributes of the Protagonist (That’s You)
- Detail-oriented and methodical in approach
- Team player – your success is my success!
- Ownership mindset and accountability
- Proactive and vigilant – you spot risks before they become incidents
- Passionate about cybersecurity and continuous learning
- Strong communicator who can translate technical concepts for non-technical audiences
- Resourceful problem-solver with a cost-conscious mindset
- Adaptable and willing to step outside your core function when the team needs you
The Hero’s Background: Qualifications
- Bachelor’s degree or above in Information Security, Computer Science, Information Technology, or a related field from a reputable university
- At least 4 years of experience in IT security, cybersecurity governance, or a related information security role
- Solid understanding of security frameworks and standards (e.g., ISO 27001, NIST CSF, CIS Controls)
- Experience conducting risk assessments, security audits, and compliance gap analyses
- Familiarity with Microsoft 365 security and compliance tools (Microsoft Defender for Office 365, Azure AD / Entra ID, Intune)
- Experience responding to client security questionnaires and RFPs in a professional services or agency context
- Knowledge of endpoint protection solutions and vulnerability management practices
- Understanding of data protection regulations across key operating regions (e.g., GDPR, CCPA, PDPA Singapore, China PIPL)
- Strong documentation and communication skills in English; proficiency in another language such as Chinese would be an advantage, as the role supports users in China
- Relevant certifications are a plus: CISSP, CISM, CompTIA Security+, ISO 27001 Lead Implementer/Auditor, or equivalent
Come join us and be at the forefront of marketing and communications, and work with industry-leading tech brands. We value diverse thinking, inclusion in decision making and embrace ideas that push the boundaries.
We welcome applications from candidates based in Malaysia, with preference given to those who have existing rights to work in the country. Should you require any reasonable accommodations, please feel free to indicate this in your application to us.
A competitive salary, benefits package and career advancement opportunities will be offered to the successful candidate. We also offer our staff a four-week sabbatical after four years.
We will contact all shortlisted candidates from notifications@app.bamboohr.com (our HR system).
About Us
We're an integrated communications consultancy that specializes in solving hard problems — the tougher, the better — for tech companies. Headquartered in Silicon Valley, we’ve established a global infrastructure tuned for the tech industry. Toward this end, we operate offices in Boston, Beijing, Hong Kong, Jakarta, Kuala Lumpur, London, Munich, Paris, Portland, San Jose, Seoul, Shanghai, Singapore, Shenzhen, Taipei and Tokyo.
We’re a company that values diversity and inclusion. We’re proud to be an equal opportunity employer. We welcome applications from all individuals irrespective of race, ethnicity, national origin, gender, gender identity, sexual orientation, age, religion, disability status, veteran status or any other characteristic.
For more information, visit https://www.hoffman.com/ and https://www.apac.hoffman.com/.
Listing Details
- Posted
- May 18, 2026