Technical Capabilities

Governance, Risk & Compliance

  • Software Development Life Cycle
  • Risk Management
  • Partner Risk management
  • Inspection Readiness
  • Quality, Validation & Compliance
  • CIR (Compliance Impact Review)
  • Information Security Awareness

Information Risk Policy

  • Information Risk Management (IRM) Policy Design / Development / Implementation / Governance
  • IRM Policy Consultancy Services
  • Laws/Regulations / Standards / Risk Monitoring
  • PCI-DSS Audit Support

Cybersecurity Engineering

  • Identity & Access Management
  • PartnerNet
  • Data & System Protection

Cyber Intelligence & Response

  • Cyber incident response
  • Data loss prevention
  • Security Analytics
  • Threat & Vulnerability management
  • Forensic Investigation

Paul Lek
IT Risk Management & Security | APJ


Paul leads the ITRMS regional team in Singapore Hub to safeguard the confidential information, assets and intellectual property of the company. As a key member of a global team reporting to Chief Information Security Officer (CISO), his portfolio includes leading programs and projects in the area of Governance Risk Regulatory Compliance, IT Policy, Identity Access Management, Security Engineering, Threat Intelligence, and Security Incident Response. He is also the Data Protection Officer for MSD entities in Singapore reporting to the Chief Privacy Officer. Most recently, he was appointed as the regional lead for Enterprise Resiliency.

Paul was awarded the 2016 ASEAN CSO Honoree from International Data Group (IDG). He has served as Board of Director in ISACA Singapore Chapter and Co-Chair KnowledgeNet for International Association of Privacy Professionals (IAPP) in Singapore from 2014-2016. He was also a part of the judging panel for Singapore Cybersecurity Awards 2018 organized by CyberSecurity Agency of Singapore (CSA).

Paul began his career as a Singapore Military Warrant Officer in the division that is responsible for the information systems. Upon leaving the military service, Paul worked in the consulting and financial industries holding a variety of Information Security and Audit-related positions. He then spent seven years at Tyco International as Senior Manager of Information Security. Paul joined MSD in 2012.

Paul holds a Bachelor of Internet Science and Technology from University of Wollongong, Australia.


Our Responsibilities

  • ​Comprehensive Information Risk Management, Compliance Governance and associated processes that enable users to appropriately understand and improve their information risk, business compliance and regulatory posture.
  • ​Provide cybersecurity incident detection and response services across the network and endpoints safeguarding the perimeter, critical internal assets, 
    data, remote users, customers and partners.
  • Ensure an appropriate level of cyber security protection  and compliance based on the risks and threats facing the company. The capabilities include  access control, secure connection, data security, asset management & protective technology.​