Job Req ID: 14740
We are looking for a capable Corporate Security Management individual who is able to take on an IT / Cyber Security Policy, Compliance and Audit role, which predominantly involves leading the implementation, integration and governance of security policies in the computing environment at the business level.
The job role does not require the candidate to be highly proficient in the technical aspects of Cyber Security Policies / Cyber Hygiene factors / IT Network infrastructure / Vulnerability scanning / Group Policy Objects; a keen interest in IT / Cyber / Network Security tasks and the ability to collaborate and communicate with stakeholders would be useful attributes.
Responsibilities
- Provide supervisory management and oversight on Cyber security matters.
- Lead, engage and drive LOBs' Cyber security administrators in compliance with cyber/IT policies and processes.
- Cyber/IT Security Policy and Procedures:
- Oversee and enforce compliance with cyber security policies, procedures, and guidelines to protect the organization's digital assets.
- Regularly review cyber security policies to address changes to regulatory guidelines, emerging threats, and industry best practices.
- Communicate cyber security policies to employees and provide training programs to ensure compliance.
- Management of Security System/Application:
- Strategise and drive IT / Cyber Security for current and future networks / systems / computing environment.
- Strategise the review, enhancement and integration of security systems as part of digitization and digitalization efforts to increase operational efficiency and productivity.
- Lead the review and investigation of suspicious emails to protect the company’s data through Data Loss Prevention (DLP) measures on network and devices.
- Manage the access control and upkeep of the Secured Line facility.
- Supervise and coordinate with facilities management to maintain the security infrastructure and address any issues that may impact cyber/IT security systems operations promptly.
- Oversee the implementation of security measures for the protection of company digital assets.
- Cyber Security Operations and Incident Response:
- Supervise compliance with the incident response plan to effectively respond to cyber security incidents or breaches.
- Drive and coordinate the conduct of investigations into cyber security incidents, document findings, and implement corrective actions as necessary.
- Ensure compliance in reporting security incidents to Group Security for further direction, corrective actions and preventive measures to be instituted.
- Prepare and present reports on cyber security incidents, trends, and metrics to senior management and relevant stakeholders.
- Communicate effectively with internal teams, external partners, and regulatory bodies regarding cyber security incidents and response efforts.
- Security Architecture and Infrastructure:
- Lead and collaborate with IT teams to design and implement secure network architecture, systems, and infrastructure.
- Supervise the evaluation and recommendation of security technologies and tools to enhance the organization's cyber security posture.
- Compliance and Regulatory Requirements:
- Ensure the organization's cyber security practices are in compliance with legal and regulatory requirements by GISO, customer, CSA regulations, and industry standards.
- Stay updated and provide effective communication to company employees on relevant cyber security regulations and requirements.
- Drive and coordinate the implementation and management of security controls, such as network separation, firewalls, intrusion detection/prevention systems, SIEM and data loss prevention solutions (such as SolarWinds, CyberArk, SecureAge etc.).
- Lead and support the Cyber Facilities Clearance application (Cyber FCL) through site survey, system compliance checks and coordination with the authority.
- Oversee the BUs in their review of cyber security implementation plans for projects.
- Threat Intelligence and Risk Assessment:
- Conduct security risk assessments to identify potential vulnerabilities, evaluate the potential impact of cyber threats and develop appropriate risk mitigation measures.
- Evaluate existing Cyber/IT security controls, policies and procedures to determine their effectiveness in mitigating identified risks.
- Collaborate with internal stakeholders to ensure Cyber/IT security measures are integrated into business operations and processes.
- Assess the potential impact of identified threats on the company’s Cyber security posture.
- Security Budget and Resource Management:
- Strategise, develop, monitor, report and manage cyber security related expenses, including the allocation of resources for cyber security initiatives.
- Identify and evaluate new cyber security technology solutions, vendor partnerships, and other resources to enhance security capabilities.
- Drive and plan the secretariat support for quarterly Steering Committee Meetings and drive the follow-up of outstanding action items by the BUs.
- Represent and support Land Systems as a member in Cyber Security Committee meetings and IT Security Steering Committee meetings.
- Audit Planning and Execution:
- Lead the conduct of corporate level audits and assessments related to cyber/IT security to ensure that the instructions and guidelines are complied with.
- Analyse and identify vulnerabilities, weaknesses and gaps in the company’s cyber security defenses and IT security infrastructure.
- Provide recommendations for improving cyber/IT security measures and mitigating risks.
- Prepare detailed audit reports summarizing findings, observations and recommendations for management and relevant stakeholders.
- Lead the collaboration with management, security teams and other relevant departments to address audit findings and implement recommended solutions.
- Provide recommendations for enhancing risk management strategies and improving the company’s overall cyber resilience.
- Lead the conduct of security sweep exercises / spot checks to test the vigilance and alertness of the staff.
- Information Security:
- Strategise, develop and implement information security policies and procedures to protect sensitive data and intellectual property in a cyber environment.
- Ensure compliance with company and MINDEF/MSD data protection regulations at the BU level.
- Collaborate with cyber/IT security teams to implement security controls, conduct regular audits, and manage information security incidents.
- Security Awareness and Training:
- Strategise to promote a culture of cyber security awareness within the organization through training programs and communication campaigns.
- Educate employees about cyber security risks and preventive measures, including sharing about cyber security best practices, such as strong password management and phishing awareness.
- Provide organizer/employees with guidance and support on cyber security-related concerns or enquiries.
- Consolidate and coordinate with MSD and Group Security for respective cyber security courses.
- Supervise, monitor and track annual cyber security declarations and refresher training.
- Drive the preparation of security messages and publicity materials to increase cyber security awareness.
- Strategise the improvement of cyber security culture through engagement and dialogue with respective BUs.
Requirements
- Bachelor's degree or equivalent combination of education.
- At least 5 years of professional experience in security governance, security audits, security systems management, guardroom operations, protection of classified information and compliance management.
- Prior experience in cyber security and classified information security is essential.
- Professional certifications such as Certified Protection Specialist (CPP), Physical Security Professional (PSP), Professional Security Investigator (PSI) or Industrial Security Professional (ISP) are a plus.
- Well-developed written and oral communication skills. Able to communicate clearly and sensitively with internal and external stakeholders. This includes effective negotiation and representation skills.