Job Description:
1. Lead, manage and provide cybersecurity governance and related support activities such as: -
• Conducting comprehensive risk assessments on IT assets and vulnerabilities, including logs analysis and security assessments;
• Ensuring all penetration and vulnerability assessment findings, gap analyses, deviations and threat analyses is properly tracked, managed, and resolved in a timely manner;
• Planning and executing cybersecurity initiatives to protect against emerging threats;
• Working with Group of IT to implement and ensure compliance for the company and its Overseas Business Units on the following: -
- • Group Cyber Security Master Plan (CSMP)
- • Group IT Security Standards (GITSS)
- • Group Operational Technology Security Standards (GOTSS)
- • Cybersecurity Capability Maturity Model (C2M2)
• Conducting monthly phishing exercises, information security awareness training;
• Organising Business Continuity Planning (BCP) and Table-Top exercise with internal stakeholders annually;
• Providing monthly updates to Group IT on cybersecurity activities and compliance status;
• Contributing to the development, maintenance, and reporting of ongoing monthly Key Risk Indicators;
• Developing and maintaining cybersecurity documentation, including policies, procedures, and incident reports;
• Keeping abreast of industrial IT security advancements and recommending appropriate security enhancements to IT infrastructure and systems;
• Communicating security risks and incidents to senior management and stakeholders.
2. Play the role of Data Governance and Data Protection Officer: -
• Ensuring the company’s compliance according to data protection policies, including company's Data Governance policy and Singapore's Personal Data Protection Act (PDPA);
• Reviewing, identifying, tracking, and resolving gaps and deviations identified from the data protection policies.
3. Lead and coordinate with internal and external auditors: -
• during annual audits, focusing on areas of Cybersecurity, PDPA and ISO27001;
• ensuring audit readiness and successful audit outcomes.
The successful candidate should preferably possess the following:-
• A degree in Computer Science, Information Technology, Cybersecurity or equivalent
• At least 5 years of professional experience in security governance, security audits, security systems management, protection of classified and sensitive information, and compliance management.
• Professional certifications in Certified Information Systems Security Professional (“CISSP”) OR
• GIAC Certified Incident Handler (GCIH) certifications in cybersecurity is essential.
• Prior experience in conducting risk assessments and gap analyses is essential.
• Prior experience in developing and implementing cybersecurity and data protection policies, procedures, and standards is essential.
• Prior experience in at least 2 of the below is essential: -
• IT infrastructure support / applications development / project management / team management
• Strong understanding in cloud security, application security, network security, and data protection is preferred.
• Understanding of international security standards such as ISO27001, ISO27002, NIST Cybersecurity Framework and OWASP is preferred.
• Ability to muti-task; manage multiple projects and priorities simultaneously.
• Excellent written, effective communication and proven leadership skills
Interested applicants please send your resume to [email protected]
Venessa Goh Wee Ni
R24124686
Recruit Express Pte Ltd
EA License No: 99C4599
RCB No.: 199601303W
