Job Description

Company Introduction
Lexagle is a Singapore-headquartered legal tech company dedicated to
transforming how businesses manage their contracts and legal workflows.
We value innovation, security, and collaboration, ensuring our technology
and operations meet the highest standards of compliance and trust.

Position Overview
We are seeking an experienced and highly motivated Information Security &
IT Asset Manager to lead our organisation's efforts in protecting both
physical and IT assets, managing our security posture and preparing for key
security certifications such as ISO 27001 and SOC 2. This role will oversee
the day-to-day management of IT assets, physical asset security, liaise with
external auditors, coordinate audits and certifications, and continuously
improve our security controls across the company. The ideal candidate is
proactive, detail-oriented, and able to work with stakeholders across the
business.

Responsibilities
? Establish and maintain a comprehensive IT asset inventory (hardware,
software, peripherals, mobile/endpoint devices), including lifecycle
tracking, procurement coordination, disposal, and security controls.
? Oversee physical asset security measures (office access controls,
hardware storage/transportation, secure disposal of devices) and
collaborate with facilities/security teams.
? Develop, implement, and maintain information security policies,
standards, and procedures aligned to ISO 27001 framework and other
relevant standards (e.g., SOC 2).
? Drive the preparation, execution, and monitoring of internal audits,
readiness assessments, and external certification audits (ISO 27001, SOC
2), including coordinating with external auditors, tracking non-
conformances, and corrective actions.
? Conduct periodic risk assessments specific to IT assets and physical
assets; identify vulnerabilities and recommend mitigation strategies.
? Monitor security controls across IT infrastructure (network, endpoints,
access controls, cloud services, physical devices), and collaborate with IT
operations to ensure controls are enforced and maintained.? Serve as the primary point of contact for external auditors and
certification bodies; ensure audit logistics, documentation, and
stakeholder readiness.
? Maintain and report on security metrics, audit readiness status, non-
conformity remediation progress, and asset security posture.
? Promote security awareness and training across the company (physical
security hygiene, asset handling, information security best practices).
? Work cross-functionally with IT, Legal/Compliance, HR, Facilities, and
Finance to integrate security and compliance controls into business
operations.
? Support incident response efforts related to asset theft/loss, physical
security breaches, or IT security events; participate in post-incident
review and prevention efforts.
? Stay up to date with information security trends, certification
requirements, audit practices, and regulatory developments; advise
leadership on security improvements.

Basic Qualifications
? Bachelor's degree in Information Technology, Computer Science,
Information Systems, Cybersecurity, or related field (or equivalent
experience).
? Minimum of 3-5 years' experience in IT asset management, information
security, compliance/audit preparation, or related field.
? Strong understanding of ISO/IEC 27001 and audit/certification processes
(preparation, internal audit, external audit).
? Demonstrated experience managing IT assets, securing
hardware/software lifecycles, and applying security controls to physical
and digital assets.
? Excellent stakeholder management and communication skills; ability to
coordinate across departments and liaise with external auditors.
? Good analytical and risk assessment skills; ability to identify
asset/security risks and propose practical mitigation.
? Proficiency in documenting policies and procedures, tracking audit
findings, and managing corrective action workflows.
? Proven ability to work independently and take ownership of security
initiatives.

Preferred Qualifications
? Professional certifications such as CISSP, CISM, CISA, ISO 27001 Lead
Implementer/Auditor.
? Experience with SOC 2 or similar attestation frameworks.
? Prior involvement in obtaining or maintaining ISO 27001 certification or
similar.
? Experience working in a fast-paced or start-up environment.? Familiarity with cloud services/infrastructure security, endpoint/mobile
device security.

Job Type: Full-time

Work Location: Hybrid remote in Singapore 369585