Job Description

Job no: 495104
Work type: Contract, full-time

Summary: The position is responsible for the University's information security awareness and education program. The overall goal of the security awareness and education program is to reduce information security risk by ensuring that all students, faculty, and staff understand University’s security policies and apply information security practices with respect to institutional data and information technology systems. In collaboration with other members of the cross-functional departments, this position will manage a comprehensive IT security awareness programme to manage human related security risk. This position will also assist in security operation including daily SIEM monitoring, security events investigation and managing application and system security vulnerability management. To perform security review to ensure IT provides the necessary impetus to implement design with inbuilt security best practices on existing IT operations and any new project implementations. Responsibilities:

• Create and promote IT security awareness by managing a cyber security awareness programme
• Plan and conduct annual role-based and general staff cyber security awareness training
• Perform cyber security training trending analysis and plan suitable outreach, awareness, and educational events to address any gaps identified.
• Evaluate and recommend information security technologies to improve University’s security posture
• Review compliance with University’s policies & procedures through an on-going security and audit review, not limited to log analysis and security assessment on existing or new network and IT systems
• Assist in coordinating and preparation of quarterly data protection and cybersecurity governance steering committee meeting
• Review cyber risk assessment submission and recommendation before submit for approval
• Conduct vulnerability assessment and penetration test on SUTD IT Systems and application
• Assist in security operation and cyber security incident investigation
• Any other technical duties as assigned

• Possess degree in Computer Science, Information Technology or a related discipline
• At least 5 to 6 years of relevant working experience in IT security, IT security operation & governance
• Good working knowledge of running cyber security awareness programme, IT security risk management, IT security governance framework and compliance (IT Security Audit / log review), IT security review (Vulnerability Assessment & Penetration Testing), application and system security, security technologies (IDS/IPS/WAF, Firewall, SIEM & PAM) and cyber security incident response.
• Professional information security certifications from ISACA, EC council and ISC will be added advantage
• Good analytical, communication and written skills
• Ability to work as a team player with cross-functional departments and also able to work independently with minimal supervision