Information Security Manager (CISO)

About the role

FNKT Hospitality Group is a growing Singapore-based hospitality and foodtech operator with restaurants, a central kitchen, delivery integrations and a digital ordering platform. We combine traditional F&B operations — from kopitiam-style breakfast concepts to full-service restaurants and hotel partnerships — with modern cloud and POS systems. As digital channels and payment volumes grow, we need a senior security leader to protect customer data, ensure regulatory compliance and strengthen our security posture.

The Information Security Manager will define and execute a pragmatic security strategy covering cloud infrastructure, POS and payment systems, vendor security, incident response and staff awareness. You will work closely with IT, operations and commercial teams to balance security with operational realities across venues (CBD lunch crowds, heartland malls and delivery/central kitchen logistics). This is a hands-on leadership role with both technical ownership and stakeholder-facing responsibilities.

This role offers an opportunity to shape security for a fast-scaling hospitality group, implement best-practice controls (PCI-DSS, PDPA, ISO27001-aligned processes) and build a small security function. If you enjoy cross-functional work, have hospitality or retail payments experience, and want to protect a multi-site operation that mixes front-of-house and digital channels, this role is attractive and high-impact.

About FNKT Hospitality Group

FNKT Hospitality Group operates 20+ branded outlets in Singapore, a central kitchen supporting delivery and wholesale, and an in-house digital team managing online ordering and POS integrations. We prioritise guest experience while investing in tech to scale operations and partnerships with delivery platforms and hotels.

What you can expect

• Multi-concept group with stable ownership and clear digital roadmap
• Head office in CBD with frequent site visits across city and heartland locations
• Opportunity to build and lead a new security function
• Exposure to PCI-DSS, cloud infrastructure and large-scale POS environments

Key responsibilities

• Define and own the information security strategy and roadmap aligned to business priorities.
• Lead risk assessments, gap analyses and remediation plans across cloud, on-prem and POS systems.
• Establish and maintain security policies, standards and procedures (including access control and encryption policies).
• Manage PCI-DSS, PDPA and other regulatory/compliance initiatives; liaise with auditors and assessors.
• Run/coordinate incident response, forensic investigations and post-incident reviews; maintain an on-call rota.
• Oversee vendor and third-party security assessments for delivery partners, payment gateways and cloud providers.
• Implement and manage security tooling (SIEM, EDR, vulnerability scanning) and monitor security events.
• Develop and deliver security awareness and training programmes for operations and back-of-house staff.
• Manage a small security team or external MSSP relationships and own security budget and procurement.
• Report security posture, KPIs and risks to senior management and board-level stakeholders.

Requirements

• Bachelor’s degree in Computer Science, Information Security, IT or equivalent experience.
• Minimum 7 years’ experience in information security, with at least 3 years in a leadership or managerial role.
• Proven experience with PCI-DSS compliance and securing payment card environments (POS, payment gateways).
• Hands-on knowledge of cloud environments (AWS/Azure/GCP), network security, and incident response.
• Familiarity with PDPA (Singapore Personal Data Protection Act) and relevant data protection controls.
• Experience implementing SIEM, EDR, vulnerability management and identity/access management solutions.
• Strong stakeholder management and communication skills; able to explain technical risk to non-technical leaders.
• Willingness to be on-call and attend occasional out-of-hours incident responses or site audits.

How to apply

Apply via the job listing page or send your CV and a short cover letter describing your information security leadership experience and relevant compliance work to the email below.