Onshore Cybersecurity Consultant
a) Provide cybersecurity support in system operations to ensure compliance with Government policies, which includes reviewing, designing and implementing security measures, processes and controls for the Authority’s systems;
b) Review security audit reports and assessments conducted by auditors for security testing such as vulnerability assessments, penetration testing, host configurations, IT general controls, risk assessments, etc.;
c) Conduct reviews and gap analysis and provide recommendations on monthly reports and reviews, ensuring the compliance of the system processes with the Authority and Government policies;
d) Monitor and follow up on known vulnerabilities and risks in the Authority’s environment and systems;
e) Conduct cybersecurity assessments to identify vulnerabilities and risks in the Authority’s systems and processes;
f) Design and follow through on the implementation of cybersecurity solutions in the Authority’s environment to protect against threats and attacks;
g) Review and verify that security policies, procedures, and best practices are implemented and comply with standards and guidelines by the Authority’s appointed contractors and systems;
h) Provide guidance and recommendations on cybersecurity strategies and technologies;
i) Conduct security awareness training for the Authority and the Authority’s appointed contractors when necessary to promote a culture of security;
j) Monitor and respond to security incidents and breaches, conducting forensic analysis on an as-needed basis; and
k) Stay current on emerging cybersecurity threats, trends, and technologies.
21. The One (1) Onshore Cybersecurity Consultant proposed by the Contractor shall have at least 3 years of experience as a Cybersecurity Consultant or equivalent position and the following skill sets:
a) Bachelor’s degree in Computer Science, Electrical/Computer Engineering, Information Technology or a related discipline would be preferred;
b) Good capabilities in ICT governance and security/risk/data management frameworks;
c) Good knowledge of ICT infrastructure, applications and web/cloud services;
d) Qualified and certified ICT professional, with certifications such as CREST, CRISC, CGEIT and CISSP; and
e) Knowledge of cybersecurity industry standards, government cybersecurity policies and requirements.