Job Description

AD, 3rd Party Risk Mgmt

Date: 26-Jul-2022 Location: Singapore, Singapore Company: Singtel Group
At Singtel, we're working on projects that push the boundaries of digital, realising our vision and purpose to Empower Every Generation. We have a dynamic and diverse team, with a passion for innovation, and talent to deliver cutting-edge digital solutions and immersive customer experience.
In Group IT, we create great technology that can change the future, and we're looking for people to be part of our digital and 5G journey. If you like to work in a dynamic, leading communications technology group to deliver innovations and excellence across the region, come join our digital, software engineering, data and cyber security teams!
Apply now, and ignite our digital future together.
The role of this position is to lead the Third-Party Risk Management team performing cyber security risk assessments on third parties in compliance with regulatory requirements and organizational policies. He/she would provide Cyber Security Risk Committees (CSRC) oversight on cyber security risks of Third-Party Service Providers (TPSPs). Responsibilities:

• Work with GGC Director to support the third-party security risk agenda of the Group CISO
• Develop and manage Third Party Risk Management Program incorporating third-party cyber risk management process and cyber security assessment methodologies using industry standards to safeguard Singtel Group information assets against cyber threats and risks.
• Schedule, supervise and manage the cybersecurity risk assessment on Third Party Service Providers (TPSPs).
• Perform cyber security assessments on TPSPs to provide Cyber Security Risk Committees (CSRC) oversight on cyber security risks of TPSPs.
• Communicate identified cybersecurity risks of TPSPs to Business Unit stakeholders and provide the required risk advisory to assist the stakeholders to make the appropriate decision to address the identified risks.
• Monitor all identified cyber security risks of systems or services (operated or managed by TPSPs) to ensure they are addressed within agreed timelines and update the Business Owners periodically.
• Provide regular reporting to CSRC on security postures of TPSPs.
• Review the reports of TPSP assessment carried out by the team members and provide guidance to them for improve team performance.
• Develop overseas travel plan for each financial year outlining the schedules, budgets and TPSP locations for cybersecurity risk assessment.
• Provide assessment findings and risk trends of TPSPs to Policy & Awareness team for sharpening the standards and guidelines.
• Work with Group Legal, Risk and Procurement to ensure that TPSP Cybersecurity Risk Management Program remains relevant to each Business Units.

Requirements:

• Bachelor’s Degree in Computer Science, Computer Engineering, Electrical Engineering or other relevant field of study (Candidates without degree but has relevant experience will also be considered.)
• Minimum 4 years of practical experience in third-party / vendor risk management.
• Minimum 8 years of experience as an Information Security Professional
• Experience working as part of an internal Audit, Governance and Compliance team.
• Advanced understanding in the following areas: Platform Security, Data Security, Network Security, Physical Security, Security Assessment Tools, Security Monitoring Tools.
• Advanced understanding in the following areas: Security Governance Standards, Business Continuity Planning, Enterprise Risk Management, Computer Security Incident Response, and Security Compliance Audits.
• Professional security management certifications such as a Certified Information Systems Security professional (CISSP), Certified Information Security Manager (CISM) or other similar credentials, is preferred.
• Have exposure to other compliance audits such as PCI-DSS, SSSAE, ISO27K, SOX, and other information security framework