Job Description

Job Purpose

Security, privacy and operational resilience are critical issues facing all organizations today. We are currently looking for qualified and capable security minded individuals to be the driving force behind SMRT\'s cyber security measures with the goal of enabling ongoing, secure and reliable operations across the enterprise.

Responsibilities

As Manager, Cyber Security (Risk), you will work as part of the team to develop, implement, and maintain effective cybersecurity governance frameworks within the organization. You will play a critical role in ensuring the security of the organization\'s information assets, protecting against cyber threats, and maintaining compliance with applicable regulations and standards. Your role will involve collaboration with various stakeholders, including executive management, IT teams, legal departments and external auditors. Specific responsibilities include, but are not limited to:

• Design and establish comprehensive frameworks, policies, procedures, and guidelines to govern the organization\'s cybersecurity practices.
• Conduct regular risk assessments to identify potential vulnerabilities, threats, and risks to the organization\'s information assets. Develop risk mitigation strategies and coordinate with relevant teams to implement appropriate controls.
• Stay up-to-date with relevant laws, regulations and industry standards related to cybersecurity. Ensure the organization\'s compliance with these requirements.
• Develop and maintain cybersecurity policies and procedures. Ensure consistent policy enforcement across the organization and provide guidance and training to employees on cybersecurity best practices.
• Collaborate with incident response teams to develop and maintain effective incident response plans. Conduct tabletop exercises and simulations to test the organization\'s incident response capabilities.
• Evaluate and assess the cybersecurity posture of third-party vendors and service providers. Develop and implement vendor risk management frameworks to ensure the security of outsourced services.
• Develop and deliver cybersecurity awareness programs to educate employees about security risks, social engineering, phishing, and other relevant topics. Foster a culture of cybersecurity awareness and responsibility across the organization.
• Establish mechanisms for continuous monitoring of cybersecurity controls, systems, and processes.
• Provide regular reports and updates to management and relevant committees on the organization\'s cybersecurity posture.

Qualifications & Work Experience

• You should possess a Bachelor Degree in Information Systems, Computer Science or equivalent.
• At least 6 years of experience in Cybersecurity with prior experience in cybersecurity governance. This includes experience in developing and implementing cybersecurity policies, procedures, and standards. Demonstrated knowledge of risk assessment, compliance management, incident response planning.

Skills

• Proficiency in conducting risk assessments, vulnerability assessments, and developing risk mitigation strategies. Understanding of risk management frameworks and methodologies.
• Cybersecurity credentials such as CISSP, CISM, CRISC will be advantageous
• Familiarity with regulatory frameworks such as the CSA Code of Practice (CCoP) and LTA Cyber Security Incident Management Framework
• Strong understanding of cybersecurity principles, concepts and familiar with cybersecurity frameworks and standards such as NIST Cybersecurity Framework, ISO 27001, or COBIT is beneficial.
• Ability to translate cybersecurity threats or risk to impacts on the ICT/OT environment and communicate effectively to provide clear and effective mitigations or remediations
• Good understanding, and ability to translate cybersecurity threats or risk to impacts on the ICT/OT environment and appropriate mitigation techniques will be advantageous
• Excellent verbal and written communication skills
• Strong leadership, communication, interpersonal, analytical and problem-solving skills

SMRT Trains Ltd was incorporated in 1987 and operates Singapore\'s first mass rapid transit system. Today, we manage and operate train services on the North-South Line, East-West Line, the Circle Line, the Thomson-East Coast Line, and the Bukit Panjang Light Rail Transit. With over 5,000 employees, more than 250 trains, and 141 km of rail tracks across 108 stations, we serve millions of commuters daily.

About SMRT Corporation

SMRT Corporation Ltd (SMRT) is a public transport services provider. Our primary business is to manage and operate train services on the North-South Line, the East-West Line, the Circle Line, the new Thomson East-Coast Line and the Bukit Panjang Light Rail Transit. This is complemented by our bus, taxi and private hire vehicle services.

An exciting and rewarding career is waiting for you at SMRT. Join us and embark on a journey that matters. You Matter \xe2\x80\x93 we take care of you and your well-being. Your Work Matters \xe2\x80\x93 your ideas and contributions work towards building the future of our transport system and create positive impacts to the community. Your Development Matters \xe2\x80\x93 we offer diverse careers and learning opportunities for our people to grow you to the fullest of your potential.

Come onboard the SMRT journey today.

Vision
Moving People. Enhancing Lifestyles

Core Values
Respect, Integrity, Service & Safety, Excellence

SMRT Corporation