M3S is working exclusively with a large-scale IT end user in Singapore, and we are looking for an experienced and talented IT Security Manager.
We are currently looking for a champion IT Security Manager for the company's Security Implementation and Management Services department. You will be providing security consultation and ensuring all security risks are identified and managed. This includes the implementation of solutions and frameworks to ensure alignment with products' security requirements.
Role and Responsibilities
Provide security consulting for the Product Group initiatives to ensure that security risks are identified, communicated to relevant stakeholders, and mitigated to acceptable levels, and to ensure alignment with products' security requirements.
Ensure that cybersecurity controls are considered during product design, identify the appropriate solutions and measures, and ensure they are implemented in each phase of the development lifecycle.
Ensure that the Product Group projects/systems are compliant with information security policies and the relevant legal and regulatory frameworks throughout the product lifecycle.
Track and monitor deviations from information security policies and standards and identify mitigating controls to reduce risks in products.
Provide oversight of product-related cybersecurity risks. Ensure that the Product Group performs risk assessments in accordance with the established cybersecurity risk management framework.
Evaluate risks of third-party vendor products and provide solutions and measures to ensure compliance with the established information security policies.
Provide security oversight on third-party vendors for outsourced product development and/or maintenance.
Implement security-related processes and procedures, including secure-by-design methodology, application secure coding practices, patch management processes, identity and access management processes, etc.
Implement appropriate tools such as application security testing and code scanning tools to assist software developers in Product Group to secure web, mobile and enterprise applications.
Support investigations into cybersecurity incidents, including root cause analysis and post-incident review.
Requirements / Qualifications
Years of Experience: At least 6 - 8 years' experience in developing, implementing and maintaining IT systems.
Degree in Computer Science, Information Systems, Engineering or equivalent.
At least 10 years of IT security experience in the area of application security design, security consulting for large-scale system development projects, and/or IT security compliance and assurance.
Familiar with common SDLC models (such as waterfall model and agile), security-by-design concepts and implementation, and common information security management frameworks, such as ISO/IEC 27001, NIST Cybersecurity Framework.
Experience in software assurance practices such as SAFECode and/or SAMM.
Professional security certification is desirable, such as CISSP, CISM, CISA or other similar credentials.
Self-motivated with strong interpersonal and stakeholder management skills.
Analytical, an effective communicator, and able to work independently.