Job Description

The role of this position is to lead and manage both Technology Security Compliance and Third-Party Risk Management (TPRM) teams. Responsibilities: * Work with GCR Governance & Compliance Senior The role of this position is to lead and manage both Technology Security Compliance and Third-Party Risk Management (TPRM) teams. Responsibilities: Work with GCR Governance & Compliance Senior Director to support technology security compliance and third-party cyber risk agenda of the Group CISO Manage and oversee the Group Technology Security Compliance program and Third-Party security program, incorporating compliance methodology using industry practices and standards. Review the effectiveness of the compliance framework, assessment toolkits and testing procedures based on the business threat landscape and regulatory requirements Manage the overall assessment plans, prioritization and manage yearly assessment scope, logistics and resources using a pragmatic approach for both programmes with the respective programme leads. Leverage external resources to augment internal capabilities to achieve program objectives Evaluate the effectiveness and compliance level of internal security controls, identify areas of improvements, and provide recommendations for remediation Record and track identified security gaps to closure, including escalating non-performance to business owners to take corrective actions to close gaps on a timely basis. Security gaps are to be recorded into the designated risk managed platform for consistency Report, monitor and track security gaps to closure Develop and maintain excellent working relationships with BU stakeholders, BU Chief Information Officers (CISOs) / Business Information Security Officers (BISOs), internal audit department and other key stakeholders at the Group level to ensure technology compliance and third-party cyber risks are addressed and/or mitigated to acceptable levels. Review the assessment reports carried out by the team members or vendors and provide guidance to them for improve team performance Review the risk registers of common security gaps, controls and recommendation knowledge database to drive consistency in the delivery of the compliance service Identify and implement initiatives to improve and optimise the programs by leveraging on digital solutions, data analytics, automation and industry practises Drive partnership with other third-party security program leads in Singtel Group to ensure consistency, relevance and effectiveness of the TPRM security risk management processes and tools. Provide regular reporting to Governance & Compliance Senior Director, Group Cyber Resilience VP and Management on security postures of Systems and third parties. Provide insights into risk trends and areas of improvements Provide feedback loop to security and data protection policy owners to keep policy requirements relevant and up to date with emergent cyber threats and regulatory landscape. Work with Group Legal, Risk and Procurement to ensure that TPRM Cybersecurity Risk Management and TPSP programs remain relevant to each Business Units and are effective in managing risks for Singtel Group. Provide ad-hoc due diligence and Merger and Acquisition (M&A) support to GCR or other Singtel Group BU as needed Provide support for CSRC Secretariat administrative activities (e.g., meeting support, minutes writing) Requirements: Bachelor's Degree in computer science, Computer Engineering, Electrical Engineering, or other relevant field of study Professional security management certifications such as a Certified Information Systems Security professional (CISSP), Certified Information Security Manager (CISM), Certified Information System Auditor (CISA) or other similar credentials, is required. Minimum 5 years of experience as Technology Security Compliance At least 6-8 years relevant information security working experience Experience working as part of an internal Audit, Governance and Compliance team or Risk Compliance consulting services. Good technical understanding in the following areas: Platform Security, Data Security, Cloud Security, Infrastructure Security, Network Security, Physical Security, Security Assessment Tools, Security Monitoring Tools. Strong understanding of Technology Compliance, IT Security risk, Audit and information security principles Strong understanding of regulatory requirements and information security standards such as IMDA Code of Practice for broadcasting and telecommunications, MAS TRM, PCI-DSS CIS Contrls, NIST, ISO27001, and OWASP. Knowledge on the requirements and controls for compliance to PDPA and GDPR Experienced Cybersecurity leader who has successfully built and managed a Cybersecurity risk advisory / assessment function Strong relationship management, analytical, problem solving, communication, influencing, planning and presentation skills. Ability to develop and coach cyber security technical knowledge to the next line of cyber security professional