Job Description

:
Key Roles and Responsibilities

• Conduct risk assessment on digital solutions and third parties. Identify potential risks and provide options to protect the OT critical infrastructure, ICT Infrastructure, application systems and cloud environment.

• Conduct compliance check on internal controls to ensure compliance with established policies and applicable regulations.

• Assist in developing policies, standards and guidelines to safeguard digital assets in adherence to business needs, industrial best practices and regulatory requirements.

• Provide advisory services to internal departments on business digital initiatives using Security By design / Zero Trust framework to ensure consistency in controls.

• Manage security projects and solution implementation activities that address cybersecurity risks.

• Plan, design and conduct cyber security incident response workshops and exercises (table-top exercises, simulation, and drills)

• Be aware of latest industry standards, regulatory requirements and the potential impacts to cybersecurity policies, standards and procedures.

Qualifications & Experience

• Minimum 5 years' experience in Cybersecurity, Risk and Compliance

• Knowledgeable in security standards or regulations such as NIST, ISO 27001, SOC2, CCOP (SG), PDPA (SG), GDPR(EU), MPLS(CN), Security by Design

• Technical know-how and experience in solutions such as (but not limited to)

Cloud Infrastructure, e.g. Azure, AWS, Huawei, Ali
Cloud compliance e.g., Cloud Posture Management, Workload protectio
Awareness Platform e.g., Proofpoint, Knowbe4
Network Security e.g., F/W, IPS, Remote Access, NAC, Data Diode
Content Security e.g., Web, Email protection
End point Security e.g., AV, EDR, DLP
Identify Protection e.g. MFA, Privilege access management
Threat Management e.g., SIEM, UEBA, NDR, ASM, BAS
GRC Tool e.g., RSA Archer
Hardening guidelines for MS products, Linux
Vulnerability Assessment and Application Testing Tool e.g., Tenable, Qualys, Veracode, Synopsys etc.
System development lifecycle or DevOps framework

• Certifications such as CISA, CISM, CISSP, GICSP, CCSK, CRISC will be an added advantage

• Knowledge in OT solutions and security will be an added advantage

Skills Required