Our client is a leading technology agency that revolutionises, innovates and integrates smart technologies for the healthcare sector.
The Security Engineer (SO) will report to the Medical Device and Operation Technology (MDOT) lead. He/she will support the MDOT personnel in aligning IT security initiatives and ensuring compliance with prevailing security policies and standards.
The SO will also track and provide regular reporting to management on MDOT security matters, including security incidents, non-compliance with security policies and standards, and results of internal audits or security tests.
Role and Responsibilities
* Provide guidance to projects to ensure that projects/systems comply with security policies and the relevant legal and regulatory frameworks (such as PDPA or Cybersecurity Act) throughout the product lifecycle.
* Perform adequate risk management, including identification, assessment and treatment of security risks associated with systems handled by the Product Group. Risk assessment has to be performed in accordance with the organization's cybersecurity risk management framework.
* Provide guidance related to vulnerability assessments, source code review and penetration tests so that remediation actions can be undertaken by Product Group within the agreed timelines.
* Provide security consulting and advisory to the relevant groups.
* Review RFP proposal compliance with RFP security requirements.
* Analyze and assist in the secure design and architecture developed by Architecture teams and MD&OT vendors.
* Review medical device and operational technology systems specifications for suitability to meet MDOT standards and policies within the environment.
* Perform cybersecurity assurance activities.
* Evaluate risks related to third-party vendors and products and identify mitigating measures.
* Perform independent assessments of the security controls implemented within the MD&OT systems to determine the overall effectiveness of the controls.
* Establish/improve procedures and processes necessary to ensure compliance with enterprise-wide IT and MDOT security policies and standards.
* Maintain an appropriate level of security awareness within the BME and OT community to keep them apprised of security threats and appropriate actions to be taken.
* Carry out compliance checks for new MD&OT projects/systems and their impact on the risk profile of the Institutions.
* Recommend compensating controls for deviations from IT/MD&OT security policies and standards.
* Implement new solutions to address gaps or improve security posture for the organization, or to meet new compliance requirements.
* Monitor for emerging threats and advise stakeholders on appropriate courses of action.
* Provide IT security advisory and consulting services to project teams.
* At least 5-8 years of IT security experience in the area of IT security infrastructure design and operations, and/or in an IT security compliance and assurance role.
* Working experience in medical devices OR operational technology, IoT and embedded systems.
* Strong interpersonal skills with ability to manage stakeholders.
* Candidates with CISA, CISM and/or CISSP certifications would have an advantage.
* Strong risk management and risk articulation skills.
* Professional security certification is preferable, such as CISSP, CISM, CISA or other similar security certifications.
* Self-motivated with the ability to work independently and as a team member with minimal direction.
* Good written and communication skills.
* Degree in Computer Science, Information Systems, Engineering or equivalent.
If you possess the relevant skillsets, please apply now with your updated CV.
We regret to inform that only shortlisted candidates will be contacted.
Sherry Ng (R1657259)
M3S Solutions | Morgan McKinley Pte Ltd EA Licence No: 11C5502