Job Description

Job Function
Information Technology (Cybersecurity)
Job Summary
The Assistant/ Deputy Manager- Cybersecurity Governance, Risk and Compliance (Information Technology) will play a key role in strengthening the organisation's cybersecurity posture across its supply chain operations. He/she will be responsible for developing, implementing, and maintaining governance frameworks, risk management processes, and compliance programmes ensuring the organisation's security posture aligns with regulatory expectations, business objectives, and risk tolerance.
He/she will be involved working closely with business units, IT teams, and external stakeholders to ensure compliance with regulatory requirements, industry standards, and internal security policies.
He/she will also ensure that the cybersecurity framework aligns with the with the increase in velocity of changes in order to uphold the protection of the cyberspace for the organisation.
Equipped with an analytical mindset and communication skills, he is a problem solver and adept at managing a diverse group of stakeholders.
Job Responsibilities/Key Tasks(External)
Cybersecurity Governance

• Develop, implement, and review cybersecurity policies, standards, and procedures in alignment with organisational needs and national frameworks (e.g., CSA, IM8).
• Drive awareness and training programmes to embed a culture of cybersecurity across the organisation.
• Provide guidance to business units on secure practices and policy adherence.

Cybersecurity Risk Management

• Conduct regular risk assessments on IT systems, operational technologies, and supply chain processes to identify vulnerabilities and threats.
• Assess the cyber security risk of third-party vendors with an appropriate level of detail; oIdentify controls to address gaps in third party vendor relationships; Monitor the implementation of controls
• Establish risk registers, recommend mitigation strategies, and track remediation activities.
• Monitor emerging cybersecurity risks, particularly those affecting logistics, warehousing, and transportation systems
• Liaise with the application project team on Penetration test findings closure and improvement; track finding and ensure timeliness closure.
• Ensure Cyber risk register are kept up to date and risk are calculated accurately.

Cybersecurity Compliance and Audit

• Ensure compliance with regulatory requirements (e.g., PDPA, Cybersecurity Act, MAS TRM) and global standards (ISO 27001, NIST).
• Coordinate and support internal/external audits and customer security assessments.
• Maintain and update compliance documentation, audit evidence, and reports.
• Conduct assurance reviews to validate governance adherence and expected outcomes.
• Collaborate with technology and business teams to automate compliance checks and audit processes.
• Assess third-party vendor cybersecurity risks, define and monitor controls, and track remediation.
• Oversee security operations service provider in managing cybersecurity incidents and operations.
• Support deployment of cybersecurity solutions and assist in resolving security-related issues.
• Monitor, detect, and ensure timely remediation of cyber threats, risks, and vulnerabilities.
• Stay current with emerging threats, technologies, and industry best practices; recommend controls and solutions.
• Plan, conduct, and oversee vulnerability assessments and penetration testing, ensuring timely closure of findings.

Incident Preparedness & Reporting

• Support the development and testing of cybersecurity incident response and business continuity plans.
• Ensure governance and compliance aspects are addressed during incident investigations and post-mortems.
• Report cybersecurity metrics and compliance status to senior management and relevant committees.

Others

• Undertake assigned projects or duties as directed by Management.

Job Requirements

• Proficient in MS Office Applications / Microsoft Power Platform Applications and social media platforms
• Strong analytical and problem-solving skills, with the ability to assess risks and propose practical mitigation strategies.
• Positive attitude and willingness to learn
• Strong written and verbal communication skills
• Basic understanding of cybersecurity principles and best practices
• Ability to explain technical concepts to non-technical audiences
• Strong attention to detail and a commitment to maintaining accuracy and consistency in all communications.
• Self-motivated and proactive, with a demonstrated ability to work independently and take ownership of assigned tasks and priorities in a fast-paced environment.
• Ability to manage multiple tasks simultaneously and carry out tasks which are assigned by the Management.
• Team player with strong collaboration skills to work with IT, operations, and external vendors

Professional Qualifications & Relevant Experience

• Bachelor's degree in Cybersecurity, Information Security, Computer Science, or a related discipline.
• Professional certifications preferred: CISM, CISSP, CRISC, ISO 27001 Lead Implementer/Auditor, or equivalent.
• 5-8 years of experience of relevant cybersecurity experience, with at least 2-3 years in governance, risk, and compliance functions.

"This job is in partnership with the Employment and Employability Institute Pte Ltd ("e2i").
e2i is the empowering network for workers and employers seeking employment and employability solutions. e2i serves as a bridge between workers and employers, connecting with workers to offer job security through job-matching, career guidance and skills upgrading services, and partnering employers to address their manpower needs through recruitment, training, and job redesign solutions. e2i is a tripartite initiative of the National Trades Union Congress set up to support nation-wide manpower and skills upgrading initiatives.
By applying for this role, you consent to ST Logistics's PDPA - and e2i's PDPA - . "

Skills Required