Head, Information Security

Singapore, Singapore

Job Description




Date: 16-Jun-2022 Location: Singapore, Singapore Company: Singtel Group
At Singtel, we believe in the strength of a vibrant, diverse and inclusive workforce where backgrounds, perspectives and life experiences of our people help us innovate and create strong connections with our customers. We strive to ensure all our people practices are non-discriminatory and provide a fair, performance-based work culture that is diverse, inclusive and collaborative. Join us and experience what it’s like to be with an Employer of Choice*. Together, let’s create a brighter digital future for all. *Awarded at the HR Fest Awards 2020.
Information security is a niche area of IT expertise that is highly sought after in the market in this increasingly complex digital environment. The Business Information Security Officer (BISO) develops and drives the vision for the Singtel Group IT information security function.
Key Responsibilities
  • Establish the Singtel Group IT security vision, strategy and underlying security initiatives or programmes, which includes but is not limited to providing leadership for security design and review processes as well as security consulting expertise.
  • Align information security and information risk management strategy with business strategy, which includes but is not limited to leading the alignment of Singtel Group IT to the Group policy standards and frameworks; development and maintenance of Group IT cyber security standards and frameworks; liaison with Group Risk and the Cyber Security Risk Committee to ensure Singtel Group IT compliance to organizational policies; suggesting improvements to the business, information and technical artefacts that constitute the enterprise information security architecture and solutions; and leveraging Group knowledge whilst aligning Singtel Group IT to the Singtel Group Cyber Resilience team goals, objectives, policies, standards and framework.
  • Provide strategic, budgetary and administrative guidance for implementation of security strategy, which includes but is not limited to communicating, overseeing, localising and executing technical implementations of security solutions required to meet business local objectives.
  • Drive security awareness and education on information security throughout the organization.
  • Advise the board and management on information security matters, which includes but is not limited to the areas of security design and processes, and the business, information and technical artefacts that constitute the enterprise information security architecture and solutions. Advisory includes expert-level enterprise consulting to GIT teams and personnel in order to implement security by design for infrastructure, programs and projects. Provide expertise on security technologies and innovative security concepts.
  • Support the development and maintenance of Group security and risk management policies and standards. Work closely with Singtel Group IT stakeholders to align cyber security governance to maintain balance between service capability and management of cyber security related risks.
  • Evaluate current security practices to determine compliance with standards and industry norms. Work closely with Singtel Group IT stakeholders, including vendors, business partners and customers, to ensure compliance with Cyber Security policy and standards, including monitoring of compliance.
  • Oversee the implementation of appropriate plans to ensure compliance with regulatory, industry and regional mandates, including monitoring of compliance. Communicate, oversee, localise and execute technical implementations of security solutions required to meet business local objectives.
  • Support information security and risk management awareness training programmes.
  • Establish security architecture for Singtel Group IT aligned to Group Cyber Resilience. Accountable for ensuring that security operations handling the cybersecurity defences remain current and relevant.
  • Direct the design of IT security architecture and the overall Cyber Risk Maturity Model. Coordinating the security standards, strategies and responses across Singtel Group IT will be crucial.
  • Establish Key Performance Indicators (KPIs) to assess the effectiveness of the security architecture.
  • Facilitate the development of a reporting framework to measure the effectiveness of security programmes.
  • Review security architecture to ensure that it addresses technology shifts and threats. Suggest improvements.
  • Advise on incident resolution. Accountable for ensuring that security systems, infrastructure and operations remain current and relevant. Coordinate the security standards, strategies and responses across Singtel Group IT.
  • Provide subject matter expertise in IT security investigations.
  • Drive resolutions of security incidents related to Group IT.
  • Lead the development of plans to address system vulnerabilities. Communicate, oversee, localise and execute the plans.
  • Advise on responses to regulatory inquiries, inspections or audits, if necessary.
  • Present evidence for legal action following security incidents related to Group IT, if necessary.
  • Manage cyber risk. Work closely with Singtel Group IT teams and other functional area specialists to ensure adequate security solutions are in place throughout all systems and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements. These include the following: identify cyber security risks from internal systems and material vendors impacting the confidentiality, integrity and availability of the organization; perform threat assessments of identified vulnerabilities; define solutions to improve the cyber security posture to protect the assets and its ability to perform its mission and objectives; and communicate, oversee, localise and execute the plans.
  • Guide the development of risk assessment frameworks.
  • Advise business stakeholders to manage risk exposure and ensure business functionality.
  • Drive compliance with international and national information security and privacy regulations and regulatory requirements.
  • Liaise with external agencies, such as law enforcement and other advisory bodies and internal stakeholder groups, including but not limited to Legal and Group Risk.
  • Lead the Singtel Group OIT Security team, ensuring compliance to local regulatory requirements, engaging internal groups, including but not limited to Legal and Group Risk.
  • Work closely with Singtel Group IT stakeholders to align cyber security governance to maintain balance between service capability and management of cyber security related risks.
  • Oversee Department management including budgets, forecasting, work allocations and staffing.
  • Develop staff through ongoing coaching, mentoring and career discussion.
  • Define and communicate common goals, direction and accountability among staff.
  • Drive effective performance management practices within the department in accordance with organisation policies and procedures.
  • Lead the Singtel Group IT Security Operations team or equivalent to deliver security monitoring services to GIT managed network and systems.

Requirements
  • Minimum 10 to 15 years of experience as a security architect/network security architect.
  • Minimum 10 to 15 years of practical experience developing information security policy, practices, standards and guidelines.
  • Experience working as part of an Internal Audit, Governance and Compliance team.
  • Expert or advanced-level competence in the following:
o Audit and compliance
o Business Continuity
o Business Needs Analysis
o Business Risk Management
o Cyber Forensics
o Cyber Incident Management
o Cyber Risk Management
o Disaster Recovery Management
o Enterprise Risk
o Partnership Management
o Security Architecture
o Security Assessment and Testing
o Security Education and Awareness
o Security Governance
o Security Programme Management
o Security Strategy
o Stakeholder Management
o Threat Analysis and Defence
o Threat Intelligence and Detection
  • Advanced understanding in the following areas:
o Platform Security
o Data Security
o Network Security
o Physical Security
o Security Assessment Tools
o Security Monitoring Tools
o Security Compliance Audits
  • Exposure to other compliance audits such as PCI and SOX, mostly related to the security part.
  • Professional security management certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or other similar credentials are required.


Job Detail

  • Job Id
    JD1016138
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Singapore, Singapore
  • Education
    Not mentioned