- Provide guidance to the National Electronic Health Record (NEHR) project team in ensuring that the NEHR system complies with security policies (IM8) and the relevant legal and regulatory frameworks (such as PDPA or Cybersecurity Act) throughout the product lifecycle
- Perform adequate risk management, including identification, assessment and treatment of security risks associated with NEHR. Risk assessment has to be performed in accordance with the IM8 Risk Management Methodology framework
- Provide guidance on vulnerability assessments, source code reviews and penetration tests of the NEHR system so that remediation actions can be undertaken by the NEHR project team within the agreed timelines
- Provide security consulting and advisory to the NEHR project team
- Review RFP proposal compliance with security requirements
- Review architecture design developed by Enterprise/Solution/Security Architect
- Perform cybersecurity assurance activities across the different stages of the SDLC
- Perform independent assessments of the technical security controls implemented within the projects/systems to determine the overall effectiveness of the controls
- Degree in Computer Science, Information Systems, Engineering or equivalent
- At least 10 years of IT security experience in areas of security governance, risk management, application security design, security project management or security operation
- Strong risk management and risk articulation skills
- Professional security certification is preferable, such as CISSP, CISM, CISA or other similar security certifications
- Self-motivated with the ability to work independently and as a team member with minimal direction
- Strong interpersonal and stakeholder management skills
- Good written and communication skills