a) Provide cybersecurity support in system operations to ensure the compliance with Government policies, which include review, design and implementing security measure, process, controls for the Authority’s systems;
b) Review security audit reports and assessment conducted by auditors for security testing such as Vulnerability assessment, penetration testing, host configurations, IT general controls, risk assessments, etc;
c) Conduct reviews, gap analysis and provide recommendations on monthly reports and reviews, ensuring the compliance of the system processes to the Authority and Government policies;
d) Monitor and follow up with known vulnerabilities and risks in the Authority’s environment and systems;
e) Conduct cybersecurity assessments to identify vulnerabilities and risks in the Authority’s systems and processes;
f) Design and follow through the implement of cybersecurity solutions in the Authority’s environment to protect against threats and attacks;
g) Review and verify that security policies, procedures, and best practices are implemented and comply with standards and guidelines by the Authority’s appointed contractors and systems;
h) Provide guidance and recommendations on cybersecurity strategies and technologies;
i) Conduct security awareness trainings to the Authority and the Authority’s appointed contractors when necessary to promote a culture of security;
j) Monitor and respond to security incidents and breaches, conducting forensic analysis on a need-be basis; and
k) Stay current on emerging cybersecurity threats, trends, and technologies.
21. The One (1) Onshore Cybersecurity Consultant proposed by the Contractor shall have at least 3 years of experience as a Cybersecurity Consultant or equivalent position and the following skill sets:
a) Bachelor’s degree in computer science, Electrical/ Computer Engineer, Information Technology or related discipline would be preferred;
b) Good capabilities in ICT governance, security/ risk/ data management frameworks;
c) Good knowledge in ICT infrastructure, applications and web/ cloud services;
d) Qualified and certified ICT professionals such as CREST, CRISC, CGEIT and CISSP; and
e) Knowledge of cybersecurity industry standards, government cyber security policies and requirements.