Manager, CyberSecurity & IT Governance

COMPANY DESCRIPTION

National Gallery Singapore is a leading visual arts institution which oversees the world's largest public collection of Singapore and Southeast Asian modern art. Situated at the birthplace of modern Singapore, in the heart of the Civic District, the Gallery is housed in two national monuments - City Hall and former Supreme Court - that have been beautifully restored and transformed into this exciting 64,000 square metre venue. Reflecting Singapore's unique heritage and geographical location, the Gallery aims to be a progressive museum that creates dialogues between the art of Singapore, Southeast Asia and the world to foster and inspire a creative and inclusive society. This is reflected in our collaborative research, education, long-term and special exhibitions, and innovative programming. The Gallery also works with international museums such as Centre Pompidou, Muse d'Orsay, Tate Britain, National Museum of Modern Art, Tokyo (MOMAT) and National Museum of Modern and Contemporary Art, Korea (MMCA), to jointly present Southeast Asian art in the global context, positioning Singapore as a key node in the global visual arts scene.

In 2020, the Gallery was the only museum in Southeast Asia that received a ranking in The Art Newspaper's annual global survey of attendance at art museums, taking 20th place. In 2018, the Gallery was also the first museum in Asia to receive the Children in Museums Award by the European Museum Academy and Hands On! International Association of Children in Museums. It also won the awards for "Best Theme Attraction" at TTG Travel Awards 2017, "Best Attraction Experience", "Breakthrough Contribution to Tourism" and "Best Customer Service (Attractions)" at the prestigious Singapore Tourism Awards in 2016 for its role in adding to the vibrancy of Singapore's tourism landscape.

We offer job opportunities in our dynamic organisation. Working at the Gallery enhances and cultivates your love for the arts, and offers you a chance to be part of the Gallery's vision.

OUR PEOPLE

At National Gallery Singapore, we develop cultural leaders who make the world better. Our people are united by a shared belief in the power and necessity of art, and work together to create meaningful experiences for our visitors.

RESPONSIBILITIES

The Cybersecurity Manager is responsible for safeguarding the art museum's digital assets, information systems, and IT infrastructure from cyber threats. The role encompasses overseeing the implementation of cybersecurity protocols, managing risk, and ensuring compliance with industry standards and governance policies. The ideal candidate will also possess a strong understanding of IT governance to align cybersecurity strategies with the museum's objectives and operations.

Key Responsibilities:

• Cybersecurity Strategy & Implementation:
• Develop and implement a comprehensive cybersecurity strategy tailored to the museum's needs.
• Oversee the deployment of security technologies (firewalls, intrusion detection, anti-malware) and ensure their proper operation.
• Conduct vulnerability assessments and penetration testing on systems, networks, and devices to identify and mitigate risks.
• IT Governance, Data Governance & Compliance:
• Establish and enforce IT governance policies in line with industry standards and legal/regulatory requirements (e.g. PDPA, ISO27001) and how they interact with IT governance and cybersecurity strategiesCollaborate with museum leadership to align cybersecurity policies with strategic goals.
• Monitor and ensure compliance with internal governance frameworks, data privacy laws, and external audit requirements.
• Manage and perform assessment and review on security review for applications and systems.
• Collaborate with the Data Governance team to establish and enforce data governance policies, standards, and procedures, ensuring alignment with the overall IT governance strategy.
• Implement and oversee frameworks for data protection, data lifecycle management, and regulatory compliance, including data classification and data handling standards.
• Incident Response & Management:
• Develop and manage the incident response plan, ensuring rapid and effective response to cybersecurity incidents, including data-related breaches
• Coordinate with external agencies and partners for threat intelligence and reporting.
• Conduct post-incident analysis and ensure continuous improvement in response tactics.
• Work with Data Governance and IT teams to ensure proper logging, monitoring, and alerts for data breaches or unauthorised access to sensitive data.
• Risk Management:
• Lead cybersecurity risk assessments and establish risk management plans, considering threats to museum data, artwork security systems, and visitor information.
• Implement controls to safeguard sensitive information (e.g., donor data, collections inventory, financial records).
• Maintain up-to-date risk registers and report on the security posture of museum systems.
• Conduct regular risk assessments and audits of data governance processes to identify gaps in data security and compliance.
• Partner with the Data Governance team to monitor compliance with data protection regulations, including conducting privacy impact assessments and data breach investigations.
• Staff Training & Awareness:
• Create and deliver cybersecurity awareness training for museum staff, volunteers, and contractors.
• Promote a culture of security awareness and ensure best practices are followed across the organization.
• IT and Data Asset Protection:
• Secure the museum's technology stack, especially with regards to personal data and intellectual property on Gallery's system, such as CDP/CRM, artwork collections systems, and ticketing system.
• Ensure security and compliance of digital assets and systems.
• Collaborate with the Data Governance team to implement data classification schemes and maintain a comprehensive data inventory, including critical, sensitive, and regulated data.
• Vendor & Third-Party Management:
• Assess third-party vendors and contractors to ensure compliance with the museum's cybersecurity policies.
• Negotiate security terms in vendor contracts and oversee third-party risk management.

Must-Haves:

• Bachelor's degree in Computer Science, Information Security, or related field.
• 5+ years of experience in cybersecurity, preferably within a cultural institution, museum, or non-profit environment.
• Experience in IT governance (e.g. COBIT, ITIL), data governance risk management, and compliance (GRC).
• Proficient in network security technologies (eg. firewalls, VPNs, IDS/ IPS)
• Expertise in cybersecurity practices such as data encryption, data masking, identity and access management, and vulnerability assessments.
• Strong problem-solving skills and the ability to think critically under pressure.
• Effective communication skills, with the ability to translate complex technical issues into accessible language for museum staff and stakeholders.
• Interest in art and a desire to protect the museum's mission through robust cybersecurity.

Good-to-Haves:

• Hands-on experience with security operations, incident response, and digital forensics.
• Experience with data governance tools (eg. MS Purview, Atlation, Informatica)
• CISSP, CISM, CRISC