Job Description

The Government Technology Agency (GovTech) aims to transform the delivery of Government digital services by taking an "outside-in" view, putting citizens and businesses at the heart of everything we do. We also develop the Smart Nation infrastructure and applications, and facilitate collaboration with citizens and businesses to co-develop technologies.

Join us as we support Singapore's vision of building a Smart Nation - a nation of possibilities empowered through info-communications technology and related engineering.

The Cybersecurity Consultancy Service team in the Cyber Security Group (CSG) in GovTech provides in depth technical Point-of-View of advanced security technologies and emerging technologies to support better use of technologies in Government and the Smart Nation initiatives.

What you will be working on:

• Provide leadership within the information security domain through development of practical and appropriate cybersecurity strategies and action plans.
• Engage, influence and manage stakeholders' expectations of cybersecurity risk management strategies and control measures.
• Drive the security governance framework and enforce cybersecurity risk assessment and risk acceptance from stakeholders.
• Plan and lead the review and endorsement of cloud security architecture in alignment with risk management plans.
• Lead in the design, development and implementation of cloud security architecture and technology to meet business functions while addressing cybersecurity threats and compliance requirements. Identify design gaps and recommend security enhancements.
• Align security architecture frameworks and standards with business strategies and functions.
• Support business initiatives through risk management, which involves performing security risk assessment to identify and analyse security risks, recommending risk treatment and mitigation measures, and assess residual risks.
• Advise stakeholders and ensure a secure ICT development lifecycle is in alignment with assessed security risks, security requirements, prevailing ICT security policies and standards.
• Involve in designing artefacts (spanning design, development, and implementation) into enterprise systems that aligns to security principles and overall Enterprise System Architecture.
• Involve in scoping of security tests, reviews and audits, as well as reviewing the results of security tests, reviews and audits to ensure security assurance is achieved.
• Provide technical leadership in the ICT security incident management of ICT systems to minimize the business impact and ensure learning points are distilled and shared across agencies to avoid repeated incidents
• Manage monitoring of systems and networks to ensure good situation awareness for timely detection and reporting of incidents. Provide regular reporting on critical system state of security with appropriate matrices
• Partner with MCISO, stakeholders, project teams, and outsourced vendors to ensure security objectives are achieved.

• Degree in Infocomm Security, Computer Science, Computer/Electronics Engineering, Information Technology, or equivalent with at least 8-10 years of IT experience in security roles with in-depth hands-on knowledge of security practice.
• At least 3-6 years of cloud security architecture experience with a demonstrated ability as a trusted advisor in understanding business needs and security risks.
• At least 8-10 years of technical proficiency in one or more of the following security areas: network design, applications development, Internet of Things, wireless communications, cryptography, hardware design protection, mobile management, cloud hosting design and implementation, DevSecOps consulting, design and implementation of CI/CD pipelines, etc.
• At least 3-6 years of experience in SOC, incident response an added advantage
• Possess CISSP and/or CISA certifications. Having cloud security or DevSecOps related certification are of added advantage.
• Knowledge and experience of operational security management techniques, architecture and designs.
• Knowledge and experience in risk management methodologies and risk evaluation techniques.
• Able to articulate cybersecurity risks, mitigation measures and residual risks verbally and in writing to stakeholders, in an easily-understood and actionable manner.
• Knowledge of system security architecture concepts including network topology, protocols, components and principles (e.g. application of Defence in-Depth), and able to specify where and how security controls should be applied to or engineered into the security design.
• Able to work and communicate with all level from senior management level to working level.