- Nov 09, 2022
Reporting to the Head of Cyber and Governance, you will collaborate with a team of IT professionals across both Infra and Apps to drive digital transformation.
To ensure security is well-considered and planned from the beginning of the SDLC, you will support the project team on activities such as conducting pre-go-live and regular security risk assessments, working with the team to review and implement controls to mitigate the risks, providing consultancy on security testing reports, etc.
In addition, you will have hands-on management of daily security operations for our enterprise security solutions such as Antivirus, Phishing and Training Platform, Privileged Access Management (PAM), etc.
- Primary point of contact and first responder for the assigned entity's cybersecurity matters
- Perform security risk assessments, and formulate and advise on risk treatment plans
- Provide a list of security requirements based on data classification and operating environment
- Assist business to perform business impact analysis and maintain cybersecurity risk register
- Support vendor due-diligence process and help to lead and define overall third-party risk management efforts
- Review security testing reports (e.g. vulnerability assessment, penetration testing and secure code review)
- Track and monitor security vulnerabilities and work with the team to plan remediation or implement controls to mitigate them
- Support the definition and management of cybersecurity policies, standards and guidelines in support of legal and regulatory compliance needs, as well as general IT and organizational cybersecurity advisory
- Work with Cybersecurity-CoE on security performance metrics and management reporting
- Manage and operate enterprise security solutions that are deployed within the organization with the support of the Cybersecurity-CoE and vendors
- Manage and support cybersecurity awareness or related activities (e.g. workshops, phishing campaigns, BCP exercises, tabletop exercises)
- Work closely with and support both the internal IT team and Cybersecurity-CoE in rolling out enterprise security solutions on time
- Continuously monitor all implemented cyber controls to ensure they remain effective
- Support both internal and external audits (e.g. ISO)
- Engage and build strong relationships with both internal and external stakeholders
- Support other IT governance initiatives
Key Job Competencies (Knowledge, Skills & Abilities)
- Minimum 5 years of experience in relevant cybersecurity fields
- Experience in managing security solutions such as Tenable, Enterprise Antivirus Solution, PAM, 2FA or other similar security technology stack
- Experience in supporting Cloud Environment (e.g. AWS or Azure) is preferred
- Ability to work with distributed teams to operate and institute real-time awareness of security posture and baseline
- Able to engage and manage stakeholders
- Ability to communicate complex concepts clearly across different audiences and varying levels of the organization
- Experience in Project Management will be advantageous
- Experience and knowledge in international standards such as ISO27001, NIST, etc. will be advantageous
- Passion for contributing to a social purpose through technology
- Highly driven
- Willingness to learn
- Possess a degree in Information Technology or related fields
- Certifications are encouraged and demonstrate continuous learning and uptake of standard methodologies applicable to this role, e.g. CISSP/CISM/CISA certifications or equivalent
If you are interested in this position, please click "Apply Now" and we will review your qualifications and reach out to you for further discussion and next steps.
Only shortlisted candidates will receive a response. If you do not receive a response within 14 days, please accept this as notification that you have not been shortlisted.
EA Licence No: 11C5502
Registration No: R1876903