Singapore, Singapore, Singapore

Partner - Cyber & Digital Forensic Investigations - Singapore

Job Description:

We are seeking a Partner-grade Cyber and Digital Forensic Investigations practitioner to join our client in Singapore. The ideal candidate will hold senior incident-response and digital-forensics credentials with at least 15 years of relevant experience, the most recent 3+ years at Partner, Managing Director or equivalent practice-leadership level, and a market reputation as an incident-command and threat-attribution authority. The successful candidate will have a portable book of senior client and law-firm-partner relationships, a sustained personally-originated cyber-investigations revenue track record, and the brand presence to lead a cyber-investigations practice in the Singapore market. They will be responsible for taking incident commander positions on the most complex bet-the-company breaches, leading the highest-profile cross-jurisdictional matters end to end, originating and growing breach-coach and CISO-advisory mandates, and setting practice strategy on AI-assisted DFIR governance, hiring, pricing and methodology.

Confidential Client. Applying to this position means that you are interested in having an initial confidential discussion about how we can help you to identify and join a new cyber and digital forensic investigations practice at Partner level. With your authorisation we will exclusively run the entire application and recruitment process for you, keeping you apprised at every step. With over 30 years' combined experience of helping the most talented cyber-investigations practitioners to make safe exits to launch rewarding new careers, we have the experience, network and ability to help you.

Key Responsibilities:

  • Take incident commander or technical lead positions on the most complex bet-the-company cyber matters - high-stakes, often privileged, often regulator-and-class-action-facing engagements running USD 1.5m - 10m+ in fees - with full P&L responsibility for the cyber-investigations engagement portfolio.
  • Originate, win and grow Partner-instructed breach-coach and cyber-investigations mandates by carrying a portable book of senior relationships at General Counsel, CISO, Chief Risk Officer and Chief Compliance Officer level, and at relevant law firm partner level.
  • Convert reactive case work into multi-year retainer engagements covering incident-response retainer, managed-detection-and-response (MDR), threat-hunting, tabletop-exercise programmes and CISO-advisory work; build the practice's standing-retainer book.
  • Take signed-off authority positions on threat-actor attribution, root-cause findings, ransomware-payment governance and AI-assisted DFIR doctrine on bet-the-company matters; serve as cyber-investigations Partner before MAS, CSA, IMDA, PDPC and Singapore Police Cybercrime Branch where required.
  • Lead the most complex multi-jurisdictional incidents - notably APAC-wide hyperscaler-cloud compromises, supply-chain attacks against critical-infrastructure operators, and nation-state-aligned intrusions touching Singapore CII operators - across host / network / cloud / memory forensics depth.
  • Set the practice's strategy on tooling adoption (such as Splunk / Sentinel / Falcon / Defender stacks and the AI-assisted DFIR frontier), hiring, pricing and market positioning; shape the firm's incident-command doctrine and signed-off declaration practice.
  • Build the practice's external IP and brand presence on cyber-investigations themes through published thought leadership and conference-level speaking engagements; pursue and maintain SANS, ISACA, FIRST and ACSIRT positioning where applicable.
  • Hire, develop, mentor and advocate for the practice staff - Senior Directors, Directors, Senior Managers and the wider bench - championing advancement at firm-wide promotion rounds, sponsoring sustained upskilling on emerging methodology and AI tooling, and shaping their external profile-building. Contribute to firm strategy beyond the cyber-investigations sub-practice.

Required Qualifications and Skills:

  • Multiple senior incident-response and / or digital-forensics credentials, such as GCFA plus GREM plus CISSP, or GNFA plus GCIH plus CISM plus an offensive-security credential (OSCP / CRTO) - the recognised stacking pattern at Partner level.
  • At least 15 years of relevant experience in cyber investigations, incident response or digital forensics, with the most recent 3+ years at Partner, Managing Director or equivalent practice-leadership level.
  • Demonstrable track record of leading the most complex regional cyber-investigations matters with full P&L accountability and signed-off threat-attribution and root-cause positions under regulator and class-action review.
  • Demonstrable, sustained, personally-originated cyber-investigations revenue track record. Singapore market guide: USD 1.5m - 3m+ annually originated on cyber-investigations and breach-coach work, calibrated to the engaging firm.
  • Portable senior client relationships at General Counsel, CISO, Chief Risk Officer, Chief Compliance Officer and Audit Committee Chair level, and at relevant law firm partner level (cyber and data-breach practice, regulatory enforcement, white-collar crime, internal-investigations and class-action / privacy-litigation practices) who refer and instruct cyber-investigations work - credibly portable subject to non-compete and non-solicit posture; named accounts with multi-year history are the strongest evidence.
  • Experience running a cyber-investigations sub-practice or country-team P&L: revenue, utilisation, gross margin, partner-time leverage, hire-and-promote responsibility, tooling and licensing strategy.
  • Authority on the Singapore cyber-incident framework: the Cybersecurity Act 2018 and 2024 (Amendment) Act, IMDA Cybersecurity Code of Practice for Critical Information Infrastructure, MAS Technology Risk Management Guidelines, MAS cyber-incident-notification obligations, PDPA data-breach notification framework and PDPC enforcement-decision pattern at post-2024 depth.
  • Cross-border fluency on US incident-response practice (FTC, SEC cyber-disclosure rules, FBI IC3 referral), EU NIS2 and GDPR Article 33-34 breach notification, UK NCSC and ICO breach reporting, Hong Kong HKMA Supervisory Policy Manual on operational resilience and SFC cyber expectations, Australian APRA prudential standards on information security / SOCI Act, and PRC CSL / DSL / PIPL data-export sequencing during live incidents.
  • Familiarity with industry-standard DFIR tooling at Partner-policy depth, including SIEM (Splunk, Sentinel, QRadar, Elastic), EDR (CrowdStrike, SentinelOne, Carbon Black, Defender), forensic-imaging (EnCase, Magnet Axiom, X-Ways, FTK), memory-analysis (Volatility, Rekall), network-forensics (Wireshark, Zeek, Arkime), and reverse-engineering (IDA Pro, Ghidra, x64dbg).
  • Realistic engagement on notice periods and non-compete / non-solicit obligations given the senior nature of the move and the relationship-led nature of the practice.

Preferred Experience:

  • Offensive-security stacking (such as OSCP, OSCE, CRTO or CRTP) for Partners whose practice covers adversary-emulation and breach-and-attack-simulation work.
  • Authoring or co-authoring credit on FIRST, ENISA, MITRE or SANS publications.
  • Postgraduate qualification: Master's in computer science, information security, digital forensics, MBA, or LLM with cyber-law / privacy / regulatory relevance.
  • Multilingual capability (Mandarin, Bahasa, Hokkien) for regional witness, custodian and threat-actor-communication contexts.
  • Visible market profile in the Singapore / APAC cyber-investigations community: published author, conference speaker, recognised authority on incident-command or attribution, named in legal directories and industry rankings.
  • Track record of testifying or signed-off declaration on cyber-investigations issues in arbitration, court or regulator proceedings.
  • Demonstrable conversion of one-off breach-response engagements into multi-year incident-response retainer and CISO-advisory work.
  • Visible thought leadership on the AI developments reshaping cyber and digital forensic investigations and a documented growth-mindset operating posture: candidates who set the practice direction on tooling adoption (such as AI-assisted DFIR via CrowdStrike Charlotte AI or Microsoft Sentinel Copilot, prompt-injection defence, AI-system-compromise investigations, or LLM-aided malware-analysis triage), advocate for and develop their practice staff on emerging methodologies, and have a track record of upskilling-programme delivery within the sub-practice.

Compensation:

Partner-level package commensurate with origination, portable book and seniority. Includes base, profit-share / partnership-distribution, equity participation and long-term incentive arrangements.

Next Steps:

This opportunity is open to Singaporeans, Singapore permanent residents, and qualified candidates with relevant work-rights status who match the above criteria. Please apply to receive prompt confidential contact from an experienced and specialist cyber and digital forensic investigations recruitment Partner.

Search & Counsel is a trading style of Feltan Associates Pte Ltd, an international Executive Search, Recruitment and Consulting business based in Singapore, licensed and regulated by the Singapore Ministry of Manpower to conduct recruitment services for clients. UEN: 202225620G. EA Licence 23S1672. All rights reserved.
