---

Introduction:

Main / Key Responsibility(ies): Accountable for overall direction and leadership for all technology security architecture and design activities, including enterprise security standards, design patterns, best practices, reference architectures, emerging technology analysis and evaluation and adoption.

Responsibilities:

Job Description

Duties / Tasks:

• Maintain the cyber security strategy, roadmap and standards, in alignment with the overall technology strategy and roadmap.
• Own security policy and procedures and drive updates as and when needed.
• Provide security requirements for new initiatives, for delivery of secure technology products.
• Provide support to governance, risk and compliance matters for governance, risk and compliance assessments and recommends viable alternatives with regards to the area of IT and data hygiene.  Work with DPO to develop IT data security policies and guidelines.
• Lead the development and delivery of cyber security expertise for specific domains, such as mobility, networks, application, identify and access.
•  Lead the development and maintenance of the security controls taxonomy, including periodic reviews to ensure its effectiveness and continuous improvement.
• Work with internal IT team and MINDEF to ensure IT and cyber security concerns are deal with promptly.\
•  Provide update to Management and internal staff on the best practices of the latest cyber security topics periodically.
•  Reviewing Singapore guidelines and circulars issued by Singapore authorities and establishing the necessary action plans.
• Any other tasks assigned from time to time.

Requirements:

Requirements:

• Bachelor Degree in Information Technology/Computer Science or equivalent, together with at least 5 years of relevant working experience
• 5+ years of Enterprise IT Security Experience across application, infrastructure
• Experience in developing, maintaining and implementing enterprise-wide cyber security strategies
• Experience in security engineering, security education, network penetration testing, application vulnerability assessments, risk analysis and compliance testing
• Well-versed in IT security and risk management regulatory requirements, concepts, trends and technologies
• Familiar in Incident response, SIEM technologies, Vulnerability Management, Threat Intelligence, Compliance Management, Forensics, Vendor Management
• Knowledge of industry best practices on Secure Software Development Life Cycle (SSDLC)
• Possess good communication, writing and analytical skills
• Certifications in one or more of the following CISSP, CISM, CISA, CRISK, CEH, OSCP and/or CCNA is highly preferred

Additional Information

• Qualification
• Professional Certificate/NiTEC, Diploma, Advanced/Higher/Graduate Diploma, Bachelor's Degree, Post Graduate Diploma, Professional Degree